Move admin UI to separate internal port (5275) for security

- Admin API and static files only accessible on port 5275
- Main proxy port (8080) no longer serves admin endpoints
- AdminPortFilter rejects admin requests on wrong port
- AdminStaticFilesMiddleware only serves static files on admin port
- Port 5275 NOT exposed in Dockerfile or docker-compose by default
- Access admin UI via SSH tunnel or by uncommenting port mapping

allstarr/Controllers/AdminController.cs

@@ -3,6 +3,7 @@ using Microsoft.Extensions.Options;
 using allstarr.Models.Settings;
 using allstarr.Services.Spotify;
 using allstarr.Services.Common;
+using allstarr.Filters;
 using System.Text.Json;
 using System.Text.RegularExpressions;
 
@@ -11,9 +12,11 @@ namespace allstarr.Controllers;
 /// <summary>
 /// Admin API controller for the web dashboard.
 /// Provides endpoints for viewing status, playlists, and modifying configuration.
+/// Only accessible on internal admin port (5275) - not exposed through reverse proxy.
 /// </summary>
 [ApiController]
 [Route("api/admin")]
+[ServiceFilter(typeof(AdminPortFilter))]
 public class AdminController : ControllerBase
 {
     private readonly ILogger<AdminController> _logger;