fix: Standalone nav + REST URL + SVG upload support

## ✅ Issue 1: Standalone Mode Navigation
**Problem:** Standalone mode not getting WNW_NAV_TREE from PHP
**Fixed:** Added WNW_NAV_TREE injection to StandaloneAdmin.php
**Result:** Navigation now works in standalone mode with PHP as single source

## ✅ Issue 2: 404 Errors for branding and customer-settings
**Problem:** REST URLs had trailing slashes causing double slashes
**Root Cause:**
- `rest_url("woonoow/v1")` returns `https://site.com/wp-json/woonoow/v1/`
- Frontend: `restUrl + "/store/branding"` = double slash
- WP-admin missing WNW_CONFIG entirely

**Fixed:**
1. **Removed trailing slashes** from all REST URLs using `untrailingslashit()`
   - StandaloneAdmin.php
   - Assets.php (dev and prod modes)

2. **Added WNW_CONFIG to wp-admin** for API compatibility
   - Dev mode: Added WNW_CONFIG with restUrl, nonce, standaloneMode, etc.
   - Prod mode: Added WNW_CONFIG to localize_runtime()
   - Now both modes use same config structure

**Result:**
- ✅ `/store/branding` works in all modes
- ✅ `/store/customer-settings` works in all modes
- ✅ Consistent API access across standalone and wp-admin

## ✅ Issue 3: SVG Upload Error 500
**Problem:** WordPress blocks SVG uploads by default
**Security:** "Sorry, you are not allowed to upload this file type"

**Fixed:** Created MediaUpload.php with:
1. **Allow SVG uploads** for users with upload_files capability
2. **Fix SVG mime type detection** (WordPress issue)
3. **Sanitize SVG on upload** - reject files with:
   - `<script>` tags
   - `javascript:` protocols
   - Event handlers (onclick, onload, etc.)

**Result:**
- ✅ SVG uploads work securely
- ✅ Dangerous SVG content blocked
- ✅ Only authorized users can upload

---

## Files Modified:
- `StandaloneAdmin.php` - Add nav tree + fix REST URL
- `Assets.php` - Add WNW_CONFIG + fix REST URLs
- `Bootstrap.php` - Initialize MediaUpload
- `MediaUpload.php` - NEW: SVG upload support with security

## Testing:
1. ✅ Navigation works in standalone mode
2. ✅ Branding endpoint works in all modes
3. ✅ Customer settings endpoint works in all modes
4. ✅ SVG logo upload works
5. ✅ Dangerous SVG files rejected

includes/Core/Bootstrap.php

@@ -18,6 +18,7 @@ use WooNooW\Api\Routes;
 use WooNooW\Core\Mail\MailQueue;
 use WooNooW\Core\Mail\WooEmailOverride;
 use WooNooW\Core\DataStores\OrderStore;
+use WooNooW\Core\MediaUpload;
 use WooNooW\Branding;
 
 class Bootstrap {
@@ -28,6 +29,7 @@ class Bootstrap {
         Assets::init();
         StandaloneAdmin::init();
         Branding::init();
+        MediaUpload::init();
         
         // Addon system (order matters: Registry → Routes → Navigation)
         AddonRegistry::init();