Address SonarCloud / Bandit / ruff findings

Five SonarCloud findings cleared, two Bandit B104 suppressions tightened,
one stray ruff F401 removed.

- pyproject.toml (text:S8565) — add uv.lock so transitive versions are
  reproducible across CI / contributor machines (207 packages locked).
- host_service.py:403 (python:S8572) — replace
  ``logging.error("...: %r", error)`` with ``logging.exception(...)`` so
  the traceback lands in the daemon's log.
- webrtc_transport.py:323 (python:S7483) — fix the NOSONAR placement
  syntax. The em-dash separator confused Sonar's parser; explicit rule
  key + ``# reason:`` clause makes the suppression registered. The
  underlying use of ``asyncio.wait_for(timeout=...)`` stays because
  ``asyncio.timeout()`` only landed in 3.11 and the project supports 3.10.
- web_viewer/index.html:1224 (javascript:S7785) — same fix as above for
  the service-worker registration: this file is a plain ``<script>`` so
  top-level await is not legal.
- auto_control_exception_test.py:17 (python:S8518) — iterate the value
  directly out of the enumerate(); drop the now-unused index.

Bandit B104 (hardcoded 0.0.0.0 bind):
- tls_acme/challenge.py and usbip/server.py — both already had
  ``# noqa: S104  # NOSONAR python:S5332  # reason: ...`` justifying the
  external reachability requirement, but Bandit needs its own
  ``# nosec B104`` token on the same line. Added without removing the
  existing context.

ruff F401:
- visual_regression/compare.py — drop the unused ``List`` import.

Author: JE-Chen

je_auto_control/utils/remote_desktop/host_service.py

@@ -399,8 +399,8 @@ def SvcDoRun(self) -> None:  # noqa: N802 pywin32 API
                 )
                 try:
                     config = load_config()
-                except (OSError, ValueError) as error:
-                    logging.error("config load failed: %r", error)
+                except (OSError, ValueError):
+                    logging.exception("config load failed")
                     return
                 run_daemon(config)
     except ImportError:

je_auto_control/utils/remote_desktop/web_viewer/index.html

@@ -1221,7 +1221,7 @@
   // This file is a plain <script>, not a module, so top-level await is
   // not legal here. Service-worker registration is best-effort: any
   // rejection is silently swallowed.
-  navigator.serviceWorker.register("sw.js").catch(() => {});  // NOSONAR — non-module script: top-level await not allowed
+  navigator.serviceWorker.register("sw.js").catch(() => {});  // NOSONAR javascript:S7785 — non-module script: top-level await not allowed
 }
 </script>
 </body>

je_auto_control/utils/remote_desktop/webrtc_transport.py

@@ -335,7 +335,7 @@ def _on_change() -> None:
         # asyncio.timeout() context manager only landed in Python 3.11;
         # this project supports 3.10, where wait_for(timeout=...) is the
         # idiomatic primitive.
-        await asyncio.wait_for(future, timeout=timeout)  # NOSONAR — Python 3.10 compatibility (asyncio.timeout requires 3.11+)
+        await asyncio.wait_for(future, timeout=timeout)  # NOSONAR python:S7483  # reason: asyncio.timeout() needs 3.11+; project supports 3.10
     except asyncio.TimeoutError:
         autocontrol_logger.warning(
             "webrtc: ICE gather timeout; sending what we have",

je_auto_control/utils/tls_acme/challenge.py

@@ -51,7 +51,7 @@ class HttpChallengeServer:
     flow, stop.
     """
 
-    def __init__(self, *, host: str = "0.0.0.0",  # noqa: S104  # NOSONAR python:S5332  # reason: server must be reachable by Let's Encrypt's HTTP-01 validator from the public internet
+    def __init__(self, *, host: str = "0.0.0.0",  # noqa: S104  # nosec B104  # NOSONAR python:S5332  # reason: server must be reachable by Let's Encrypt's HTTP-01 validator from the public internet
                  port: int = 80) -> None:
         self._host = host
         self._port = int(port)

je_auto_control/utils/usbip/server.py

@@ -32,7 +32,7 @@ class UsbIpServer:
     """Thread-per-connection USB/IP server bound to ``UrbBackend``."""
 
     def __init__(self, backend: UrbBackend, *,
-                 host: str = "0.0.0.0",  # noqa: S104  # NOSONAR python:S5332  # reason: USB/IP clients connect from other machines on the LAN
+                 host: str = "0.0.0.0",  # noqa: S104  # nosec B104  # NOSONAR python:S5332  # reason: USB/IP clients connect from other machines on the LAN
                  port: int = 3240) -> None:
         self._backend = backend
         self._host = host

je_auto_control/utils/visual_regression/compare.py

@@ -4,7 +4,7 @@
 import os
 from dataclasses import dataclass, field
 from pathlib import Path
-from typing import List, Optional, Sequence, Tuple
+from typing import Optional, Sequence, Tuple
 
 from PIL import Image, ImageChops, ImageDraw
 

test/unit_test/exception/auto_control_exception_test.py

@@ -14,12 +14,11 @@
     ImageNotFoundException
 ]
 
-for index, value in enumerate(exception_list):
+for value in exception_list:
     try:
         print(value)
-        if exception_list[index] != ImageNotFoundException:
-            raise exception_list[index]()
-        else:
-            raise exception_list[index]("test.png")
+        if value is not ImageNotFoundException:
+            raise value()
+        raise value("test.png")
     except Exception as error:
         print(repr(error))