Fix CORS restrictions and development server configuration

Remove CORS headers to enable universal image support and fix local API server settings.

## Changes

**Remove CORS Headers**
- Remove Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers
- Enables images from any domain (Facebook, Medium, arbitrary websites)
- Database falls back to IndexedDB mode (minimal performance impact)

**Fix Local Development Configuration**
- Set LOCAL_ENDORSER_API_SERVER to http://127.0.0.1:3000 (was "/api")
- Create .env.development with local API server config
- Fix ensureCorrectApiServer() method in HomeView.vue
- "Use Local" button now sets proper localhost address

**Fix Settings Cache Issues**
- Add PlatformServiceMixin to AccountViewView.vue
- Disable settings caching to prevent stale data
- Settings changes now apply immediately without browser refresh

## Impact

**Tradeoffs:**
- Lost: ~2x SharedArrayBuffer database performance
- Gained: Universal image support from any domain
- Result: Better user experience, database still fast via IndexedDB

**Files Modified:**
- Configuration: vite.config.*.mts, index.html, .env.development
- Source: constants/app.ts, libs/util.ts, views/*.vue, utils/PlatformServiceMixin.ts

## Rationale

For a community platform, universal image support is more critical than marginal
database performance gains. Users share images from arbitrary websites, making
CORS restrictions incompatible with Time Safari's core mission.

src/libs/util.ts

@@ -928,54 +928,22 @@ export async function importFromMnemonic(
 }
 
 /**
- * Transforms direct image URLs to use proxy endpoints in development to avoid CORS issues
- * with restrictive headers required for SharedArrayBuffer support.
+ * Legacy function name maintained for compatibility.
+ * Now simply returns the original URL since CORS headers have been disabled
+ * to allow images from any domain.
  *
  * @param imageUrl - The original image URL
- * @returns Transformed URL that uses proxy in development, original URL otherwise
+ * @returns The original image URL unchanged
  *
- * @example
- * transformImageUrlForCors('https://image.timesafari.app/abc123.jpg')
- * // Returns: '/image-proxy/abc123.jpg' in development
- * // Returns: 'https://image.timesafari.app/abc123.jpg' in production
- *
- * transformImageUrlForCors('https://live.staticflickr.com/2853/9194403742_c8297b965b_b.jpg')
- * // Returns: '/flickr-proxy/2853/9194403742_c8297b965b_b.jpg' in development
- * // Returns: 'https://live.staticflickr.com/2853/9194403742_c8297b965b_b.jpg' in production
+ * @deprecated CORS restrictions have been removed - images load directly from any domain
  */
 export function transformImageUrlForCors(
   imageUrl: string | undefined | null,
 ): string {
   if (!imageUrl) return "";
 
-  // Only transform in development mode
-  if (process.env.NODE_ENV === "production") {
-    return imageUrl;
-  }
-
-  // Transform direct image.timesafari.app URLs to use proxy
-  if (imageUrl.startsWith("https://image.timesafari.app/")) {
-    const imagePath = imageUrl.replace("https://image.timesafari.app/", "");
-    return `/image-proxy/${imagePath}`;
-  }
-
-  // Transform other timesafari.app subdomains if needed
-  if (imageUrl.includes(".timesafari.app/")) {
-    const imagePath = imageUrl.split(".timesafari.app/")[1];
-    return `/image-proxy/${imagePath}`;
-  }
-
-  // Transform Flickr URLs to use proxy
-  if (imageUrl.startsWith("https://live.staticflickr.com/")) {
-    const imagePath = imageUrl.replace("https://live.staticflickr.com/", "");
-    return `/flickr-proxy/${imagePath}`;
-  }
-
-  // Transform other Flickr subdomains if needed
-  if (imageUrl.includes(".staticflickr.com/")) {
-    const imagePath = imageUrl.split(".staticflickr.com/")[1];
-    return `/flickr-proxy/${imagePath}`;
-  }
-
+  // CORS headers disabled - all images load directly from any domain
+  // This enables the community nature of Time Safari where users can
+  // share images from any website without restrictions
   return imageUrl;
 }