Fix DB paths, add auth to sensitive endpoints, misc bug fixes

- scheduler.py: Use full path for scheduler_state.db instead of relative name
- recycle.py: Use full path for thumbnails.db instead of relative name
- cloud_backup.py, maintenance.py, stats.py: Require admin for config/cleanup/settings endpoints
- press.py: Add auth to press image serving endpoint
- private_gallery.py: Fix _create_pg_job call and add missing secrets import
- appearances.py: Use sync httpx instead of asyncio.run for background thread HTTP call

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

web/backend/routers/maintenance.py

@@ -15,7 +15,7 @@ from fastapi import APIRouter, Depends, Request, BackgroundTasks
 from slowapi import Limiter
 from slowapi.util import get_remote_address
 
-from ..core.dependencies import get_current_user, get_app_state
+from ..core.dependencies import get_current_user, require_admin, get_app_state
 from ..core.config import settings
 from ..core.responses import now_iso8601
 from ..core.exceptions import handle_exceptions
@@ -63,7 +63,7 @@ async def cleanup_missing_files(
     request: Request,
     background_tasks: BackgroundTasks,
     dry_run: bool = True,
-    current_user: Dict = Depends(get_current_user)
+    current_user: Dict = Depends(require_admin)
 ):
     """
     Scan all database tables for file references and remove entries for missing files.