Add manual test script for auth and encrypted URLs

scripts/manual-test.sh tests:
1. Healthcheck endpoint
2. Login page displays
3. Wrong password shows error
4. Correct password shows generator
5. Generate encrypted URL
6. Fetch image via encrypted URL
7. Fetch image via direct proxy (whitelisted)
8. Logout redirects to login
9. Expired URL returns 410

config.yaml

@@ -0,0 +1,10 @@
+debug: true
+port: 8080
+state_dir: ./data
+signing_key: "test-signing-key-for-development-only"
+whitelist_hosts:
+  - "*.example.com"
+  - "images.unsplash.com"
+  - "picsum.photos"
+  - "s3.sneak.cloud"
+allow_http: false