Add NanoID; security, health, docs & docker fixes

Introduce NanoID for user ID generation and enable optional nanoid in commons crate. Implement multiple security hardenings: verify refresh token role matches current user role, reject tokens missing token_type or using Refresh as access, sanitize file download inputs and Content-Disposition header, add WebSocket auth rate limiting, and escape CURRENT_USER() replacement to avoid injection. Restrict /healthz and /readyz to localhost to prevent remote info disclosure and change default CORS to disable credentials. Minor robustness and UX fixes: skip re-loading cached tables in SchemaRegistry, default TopicOp and Default impls, small FlatBuffer init fix, adjust tests and CLI session setup check. Add Keycloak entrypoint and compose tweaks for newer Keycloak versions, update README (layout, quick start, examples) and include KalamDB logo image.

Author: jamals86

Cargo.lock

@@ -82,6 +82,9 @@ actix-multipart = "0.7"
 # UUID generation
 uuid = { version = "1.21.0", features = ["v4", "v7", "serde"] }
 
+# NanoID generation (21-char URL-safe unique IDs)
+nanoid = "0.4.0"
+
 # ULID generation
 ulid = "1.1"
 

Cargo.toml

@@ -1281,6 +1281,8 @@ Query OK, 0 rows affected
 
 187) subscription id is too long   "subscription_id": "u_ec6f250a2c094e2492ee61a83d0839d4-bc83de82331b416fb0f54be67759f55b-sub-359870fa18caeb70",
 come uop with a better and shorter one without causing issues in the future
+Also for a better userid unique one: NanoID
+
 
 188) Instead of notify all followers remember where the user is connected to through the livequerymanager and forward the notification to that exact node only