feat(crs-sync): improve error messages and add private IP allowlist support

## Changes

### 1. Enhanced Error Messages
- Modified CRS sync error handling to show detailed error messages
- Changed from generic "internal error" to "CRS sync failed: <details>"
- Helps diagnose connection issues with private CRS deployments

### 2. Security Configuration
- Added SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS environment variable
- Allows administrators to enable/disable private IP access for CRS sync
- Production default: false (secure)
- Test environment default: true (convenient for internal testing)

### 3. Flexible Configuration Support
- Added config.yaml mount support in both production and test environments
- Supports dual configuration methods:
  * config.yaml for detailed/complex configurations
  * Environment variables for quick overrides
- Priority: ENV vars > config.yaml > defaults

## Use Case
Enables CRS sync from internal deployments where CRS resolves to private IPs
(e.g., 10.x.x.x, 192.168.x.x) while maintaining security by default.

## Files Modified
- backend/internal/handler/admin/account_handler.go
- deploy/docker-compose.yml
- deploy/docker-compose-test.yml

backend/internal/handler/admin/account_handler.go

@@ -354,7 +354,8 @@ func (h *AccountHandler) SyncFromCRS(c *gin.Context) {
 		SyncProxies: syncProxies,
 	})
 	if err != nil {
-		response.ErrorFrom(c, err)
+		// Provide detailed error message for CRS sync failures
+		response.InternalError(c, "CRS sync failed: "+err.Error())
 		return
 	}