feat: dedicated server security hardening

Comprehensive security system to protect against packet-sniffing attacks,
XUID harvesting, privilege escalation, bot flooding, and XUID impersonation.

- Stream cipher: per-session XOR cipher with 4-message handshake via
  CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection,
  backwards compatible (old clients/servers fall back to plaintext).
- Security gate: buffers all game data until cipher handshake completes,
  preventing unsecured clients from receiving any XUIDs or game state.
- Cipher handshake enforcer: kicks clients that don't complete the handshake
  within 5 seconds (configurable via require-secure-client).
- Identity tokens: persistent per-XUID tokens in identity-tokens.json,
  issued over the encrypted channel, verified on reconnect. Prevents XUID
  replay attacks. Client stores server-specific tokens.
- PROXY protocol v1: parses real client IPs from playit.gg tunnel headers
  so rate limiting, IP bans, and XUID spoof detection work per-player.
- Rate limiting: per-IP sliding window (default 5 connections/30s) with
  pending connection cap (default 10).
- Privilege hardening: OP requires ops.json, live checks on every command
  and privilege packet. Host-only server settings changes.
- XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders.
- Packet validation: readUtf global string cap, reduced max packet size,
  stream desync protection on oversized strings.
- OpManager: persistent ops.json with XUID-based OP list.
- Whitelist improvements: whitelist add accepts player names with ambiguity
  detection, XUID cache from login attempts.
- revoketoken command: revoke identity tokens for players who lost theirs.
- server.log: persistent log file written alongside console output with
  flush-per-write to survive crashes.
- CLI security logging: consolidated per-join security summary with cipher
  status, token status, XUID, and real IP. Security warnings for kicks,
  spoofing, and unauthorized commands.

Minecraft.Server/ServerLogger.cpp

@@ -7,10 +7,48 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
+#include <mutex>
 
 namespace ServerRuntime
 {
 static volatile LONG g_minLogLevel = (LONG)eServerLogLevel_Info;
+static FILE *g_logFile = NULL;
+static std::once_flag g_logFileOnce;
+
+static void OpenLogFile()
+{
+	if (g_logFile != NULL)
+		return;
+
+	errno_t err = fopen_s(&g_logFile, "server.log", "a");
+	if (err != 0 || g_logFile == NULL)
+	{
+		g_logFile = NULL;
+		printf("[ServerLogger] Warning: Could not open server.log for writing (errno=%d)\n", (int)err);
+		fflush(stdout);
+	}
+}
+
+static void CloseLogFile()
+{
+	if (g_logFile != NULL)
+	{
+		fflush(g_logFile);
+		fclose(g_logFile);
+		g_logFile = NULL;
+	}
+}
+
+static void EnsureLogFileInitialized()
+{
+	std::call_once(g_logFileOnce, []() {
+		OpenLogFile();
+		if (g_logFile != NULL)
+		{
+			atexit(CloseLogFile);
+		}
+	});
+}
 
 static const char *NormalizeCategory(const char *category)
 {
@@ -121,6 +159,14 @@ static void WriteLogLine(EServerLogLevel level, const char *category, const char
 		SetConsoleTextAttribute(stdoutHandle, originalInfo.wAttributes);
 	}
 
+	EnsureLogFileInitialized();
+	if (g_logFile != NULL)
+	{
+		fprintf(g_logFile, "[%s][%s][%s] %s\n",
+			timestamp, LogLevelToString(level), safeCategory, safeMessage);
+		fflush(g_logFile);
+	}
+
 	linenoiseExternalWriteEnd();
 }