Add web admin feature and improve tool invocation

[SZeCloud]

新增web展示页面

参考其他项目优化工具调用

[Sophomoresty]

Thanks for the effort — the admin UI looks polished and the session stats implementation is solid (atomic writes, thread-safe, HMAC sessions).

A few things to address before merging:

1. Please split this PR — tool calling improvements and the web admin feature are independent concerns. Smaller PRs are easier to review and bisect.

2. server.py grew from ~100 to ~1000 lines — the admin routes, session management, and stats logic should live in separate modules (e.g. admin_routes.py, session_stats.py).

3. Default credentials in config.example.json — admin/admin is risky for users who deploy without reading docs. Consider requiring initial setup or generating a random password on first run.

4. Session secret — when session_secret is None, a random value is generated at startup, which invalidates all sessions on restart. This is fine but should be documented explicitly.

5. Commit authorship — the commit is authored by "Codex Bot". For contribution attribution, please use your own git identity.

Happy to re-review once these are addressed.