Restrict server detail access for guests

- Add isGuest flag to UserContext
- Block guests from navigating to /server/:id route
- Make ServerCards non-clickable for guests
- Add rejectGuest middleware to backend
- Protect server detail endpoints (/:id, /metrics/history, /whitelist)

Guests can now only view the dashboard overview without accessing
individual server details.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

gsm-frontend/src/components/ServerCard.jsx

@@ -64,7 +64,7 @@ const getServerInfo = (serverName) => {
   return null
 }
 
-export default function ServerCard({ server, onClick, isAuthenticated, displaySettings }) {
+export default function ServerCard({ server, onClick, isAuthenticated, isGuest, displaySettings }) {
   const defaultInfo = getServerInfo(server.name)
 
   // Merge default info with database display settings (database takes priority)
@@ -117,10 +117,12 @@ export default function ServerCard({ server, onClick, isAuthenticated, displaySe
   const statusBadge = getStatusBadge()
   const isUnreachable = server.status === 'unreachable'
 
+  const isClickable = !isUnreachable && !isGuest && onClick
+
   return (
     <div
-      className={isUnreachable ? "card p-5 opacity-50 cursor-not-allowed" : "card card-clickable p-5"}
-      onClick={isUnreachable ? undefined : onClick}
+      className={isUnreachable ? "card p-5 opacity-50 cursor-not-allowed" : (isClickable ? "card card-clickable p-5" : "card p-5")}
+      onClick={isClickable ? onClick : undefined}
     >
       {/* Header */}
       <div className="flex items-center justify-between mb-2">