fix: coerce env values to string before .includes() check in updateENV

[xandr0s]

Summary

• Fix crash (500) in POST /api/v1/system/update-env when numeric values are passed
• Root cause: .includes("******") called on Number type — Number has no .includes() method
• Fix: wrap with String() before calling .includes()

Steps to reproduce

curl -X POST /api/v1/system/update-env   -d '{"GenericOpenAiEmbeddingMaxConcurrentChunks": 1}'
# => 500 Internal Server Error
# => TypeError: newENVs[key].includes is not a function

Change

- (key) => validKeys.includes(key) && !newENVs[key].includes("******")
+ (key) => validKeys.includes(key) && !String(newENVs[key]).includes("******")

Test plan

• POST numeric value to /api/v1/system/update-env — no crash, value saved
• POST string with ****** — still filtered correctly
• POST normal string — saved as before

[timothycarambat]

You shouldn't be using the frontend API directly outside the UI because of things like this - what is the use case you are working for where you need to manipulate the update-env directly?