feat(security): v1.1.0 — full audit with 17 fixes across all severity…

… levels

CRITICAL: fix command injection in osascript privilege escalation by
using proper shell-quoting for each argument. Restrict sudoers rule to
only allow wg-quick up/down with known config paths, and validate
syntax with visudo.

HIGH: add duplicate instance prevention, capture stderr in error
alerts, replace Thread.sleep with async dispatch, add configurable
SIGN_IDENTITY for code signing.

MEDIUM: consolidate version to single source of truth (Makefile),
add NSLog fallback warning in findFirst, enhance CI with lint job,
artifact upload and codesign verification.

LOW: modernize generate_icon.swift (remove deprecated lockFocus),
extract LaunchAgent to template, add CHANGELOG.md, improve .gitignore,
add copyright to Info.plist.