Severity: MEDIUM

GHSA-qhxg-623c-cfjm

NocoDB: Plaintext Password Comparison in Shared Views

Details

### Summary

The shared-view password check fell back to strict-equality (`===`) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing.

### Details

The bcrypt branch (hashes starting with `$2a$`/`$2b$`) was unaffected. The legacy fallback in `View.ts` now uses `crypto.timingSafeEqual` and a same-length dummy compare on the length-mismatch path, so total comparison time is approximately length-independent. The EE dashboard model's `verifyPassword` is patched the same way.

### Impact

A network-positioned attacker could mount a timing oracle against shared views whose passwords predated the bcrypt migration. Exploitation requires the ability to time shared-view authentication responses but no prior authentication.

### Credit

This issue was reported by [@Proscan-one](https://github.com/Proscan-one).


Affected packages

npm / nocodb
Introduced in: 0
Fixed in: 2026.05.1
Fix: `npm install nocodb@2026.05.1`
