Add scheduled apps backup to another pool
This commit adds changes to let the Docker config drive an automated apps-dataset backup to another pool on a cron schedule, disabled by default and weekly (Sunday) when enabled. The scheduled run reuses docker.backup_to_pool, skips/alerts gracefully when the source or target pool is unavailable, and prunes older source snapshots so the schedule doesn't accumulate them indefinitely.
Hack for PR 60224 or PR 60133:
add a specific message when a compat (base32 or base64) set
or a debug (or compat debug) set is not found.
Point at the CD vs. DVD images.
Still not an ideal UI, but reworking this properly is not going
to happen before 11.0, and this is intended as a stopgap fix that
should be pulled up.
Tolerate malformed JSON in audit databases
## Problem
The audit databases store `event_data`/`service_data` as JSON in TEXT columns that SQLite does not validate on insert, so a corrupted or otherwise non-JSON value can persist in a row (e.g. after a storage/IO incident). Audit queries that filter or select on a JSON path compile to `json_extract()`, and SQLite aborts the entire statement with `OperationalError: malformed JSON` the moment it evaluates that over a bad row. This bubbles up uncaught from the SMB alert sources as recurring CRITICAL `AlertSourceRunFailed` alerts, and breaks `audit.query`/`audit.export` and the UI audit page.
## Solution
Guard every JSON-path `json_extract` so a non-JSON row is skipped instead of aborting the query, and surface the corruption rather than dropping it silently.
- **WHERE side** (`datastore/filter.py`): an opt-in `guard_malformed_json` flag wraps the comparison in `CASE WHEN json_valid(col) THEN ... ELSE false`. CASE guarantees `json_valid()` runs before `json_extract()`, so a malformed row is excluded. The flag is forwarded through the `OR` recursion and defaults off, leaving datastore queries byte-for-byte unchanged.
- **SELECT side** (`audit/backend.py`): the audit backend opts in for filters and applies the same guard to `SELECT AS` json-path projections (`ELSE NULL`).
- **Decode hardening**: `decode_audit_json()` also catches `EJSONDecodeError`, so a syntactically valid document with a bad `$date`/`$time`/`$type` payload falls back to the raw string instead of failing the query.
- **Observability**: a daily scan counts rows whose JSON columns are unparseable and raises a per-service `AuditDatabaseCorrupted` alert (cleared once the rows are gone), since the guards otherwise drop corrupt rows quietly.
Covered by unit tests for the WHERE/SELECT guards, the decode helper, the malformed-row count, and the alert clear-key contract, plus an api2 test that seeds a corrupt row end to end.
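The guards described in the commit message above, reproduced against an in-memory SQLite database. This is an added example, not code from the commit or the project: the `audit` table layout, the sample rows, and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows; row 3 mimics a truncated write that SQLite stored as-is.
ROWS = [
    (1, "SMB", '{"result": "FAILURE", "clientAccount": "alice"}'),
    (2, "SMB", '{"result": "SUCCESS", "clientAccount": "bob"}'),
    (3, "SMB", '{"result": "FAILU'),
    (4, "SMB", '{"result": "FAILURE", "clientAccount": "carol"}'),
]

def make_db():
    # Hypothetical single-table layout: a TEXT column holding JSON, never validated on insert.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY, service TEXT, event_data TEXT)")
    db.executemany("INSERT INTO audit VALUES (?, ?, ?)", ROWS)
    return db

def unguarded_filter(db, result):
    # json_extract() raises on row 3, which aborts the whole statement.
    sql = "SELECT id FROM audit WHERE json_extract(event_data, '$.result') = ? ORDER BY id"
    return db.execute(sql, (result,)).fetchall()

def guarded_filter(db, result):
    # WHERE side: CASE evaluates json_valid() first, so bad rows compare as false.
    sql = ("SELECT id FROM audit WHERE CASE WHEN json_valid(event_data) "
           "THEN json_extract(event_data, '$.result') = ? ELSE false END ORDER BY id")
    return [r[0] for r in db.execute(sql, (result,))]

def guarded_projection(db):
    # SELECT side: a malformed row stays in the result set with a NULL projection.
    sql = ("SELECT id, CASE WHEN json_valid(event_data) "
           "THEN json_extract(event_data, '$.clientAccount') ELSE NULL END AS account "
           "FROM audit ORDER BY id")
    return db.execute(sql).fetchall()

def count_malformed(db, service):
    # Observability: count what the guards would otherwise hide.
    sql = "SELECT COUNT(*) FROM audit WHERE service = ? AND NOT json_valid(event_data)"
    return db.execute(sql, (service,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    try:
        unguarded_filter(db, "FAILURE")
    except sqlite3.OperationalError as exc:
        print("unguarded query aborted:", exc)
    print(guarded_filter(db, "FAILURE"), guarded_projection(db), count_malformed(db, "SMB"))
```
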
webui/authentication flow - add "local_uri" type in SanitizeFilter() and use it in the authgui.inc flow to ease reuse later.
The new filter is a bit more strict than it used to be, but for good reasons; we likely need the same cleansing in a couple of other areas, like https://github.com/opnsense/core/issues/10433
devel/cvise: make it build with DEFAULT_VERSIONS+=llvm=21
Upstream cvise added support for building against llvm 21 in
<https://github.com/marxin/cvise/commit/68262f7>. Add it as a
patch-llvm-21 file.
PR: 295857
MFH: 2026Q2