refactor: simplify path validation and connection_init via shared helpers

- Extract _validate_path() in unraid.py — consolidates traversal check + normpath
  + prefix validation used by disk/logs and live/log_tail into one place
- Extract build_connection_init() in subscriptions/utils.py — removes 4 duplicate
  connection_init payload blocks from snapshot.py (×2), manager.py, diagnostics.py;
  also fixes diagnostics.py bug where x-api-key: None was sent when no key configured
- Remove _LIVE_ALLOWED_LOG_PREFIXES alias — direct reference to _ALLOWED_LOG_PREFIXES
- Move import hmac to module level in server.py (was inside verify_token hot path)

Co-Authored-By: Claude <noreply@anthropic.com>

unraid_mcp/server.py

@@ -4,6 +4,7 @@ This is the main server implementation using the modular architecture with
 separate modules for configuration, core functionality, subscriptions, and tools.
 """
 
+import hmac
 import sys
 from typing import Any
 
@@ -94,8 +95,6 @@ class ApiKeyVerifier(TokenVerifier):
         self._api_key = api_key
 
     async def verify_token(self, token: str) -> AccessToken | None:
-        import hmac
-
         if self._api_key and hmac.compare_digest(token.encode(), self._api_key.encode()):
             return AccessToken(
                 token=token,