fix(ui): wire status panel close button via addEventListener

Inline onclick attribute was silently blocked by the server CSP nonce
policy. Replace with addEventListener after innerHTML is set.

chore: bump version to 1.5.0a

public/app.js

@@ -812,7 +812,7 @@ function renderStatusPanel(data, panel) {
   let html = `
     <div class="status-header">
       <h3>Server Status</h3>
-      <button class="status-close" onclick="closeStatusPanel()">&times;</button>
+      <button class="status-close" id="status-close-btn">&times;</button>
     </div>
     <div class="status-grid">
       <div class="status-card">
@@ -886,6 +886,9 @@ function renderStatusPanel(data, panel) {
 
   html += `</tbody></table></div></div>`;
   panel.innerHTML = html;
+  // Wire close button — addEventListener avoids CSP inline handler restrictions
+  const closeBtn = panel.querySelector('#status-close-btn');
+  if (closeBtn) closeBtn.addEventListener('click', closeStatusPanel);
   // Set bar widths via JS DOM assignment — immune to CSP style-src restrictions
   panel.querySelectorAll('.timing-bar[data-w]').forEach(el => {
     el.style.width = el.dataset.w + '%';