
@mbampi commented Jun 19, 2025

This PR addresses CVE-2025-29662 by implementing critical security enhancements and refactoring image upload code for readability.

  • RCE Prevention: Eliminated direct shell_exec($_REQUEST['c']) in picupload_res.php. The full Python command is now securely built internally using escapeshellcmd() and escapeshellarg() from a validated img parameter, preventing arbitrary command injection.

  • Path Validation: Implemented realpath() and strpos() checks to ensure image files are strictly within the picupload directory, preventing directory traversal.

  • Upload Checks: In picupload_action.php, strengthened validation using finfo_open() for actual MIME type verification, along with clear file size and extension limits.

  • Secure Directory Handling: Ensured upload directories are properly created and have correct write permissions.

  • Error Handling: Consolidated and clarified error messages, providing specific user feedback and internal logging.

  • Readability: picupload_res.php was cleaned up by removing unnecessary comments, consolidating error handling, and streamlining variable usage.
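
The path containment check and server-side command construction listed in the description above, as an added PHP example that is not the code from this PR. The python3 interpreter, the /opt/app/process.py script path, and the helper names resolve_upload_path() and build_command() are assumptions, and a constructed temp directory stands in for picupload.

```php
<?php
// Added illustration; not code from the PR. Directory, script and helper names are assumptions.

/**
 * Resolve a user-supplied image name to a real path inside $baseDir,
 * or return null if it does not exist or resolves outside the directory.
 */
function resolve_upload_path(string $baseDir, string $img): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops any directory components the client sent.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($img));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "picupload_old" does not pass a bare prefix check.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($candidate, $prefix) !== 0) {
        return null;
    }
    return $candidate;
}

/** Build the command server-side; the request supplies only the file name. */
function build_command(string $script, string $imagePath): string
{
    return 'python3 ' . escapeshellarg($script) . ' ' . escapeshellarg($imagePath);
}

// Constructed demo: a temp directory stands in for picupload.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'picupload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'ok.png', 'constructed');

foreach (['ok.png', '../../etc/passwd', 'ok.png; id'] as $img) {
    $path = resolve_upload_path($dir, $img);
    echo str_pad($img, 20), ' => ',
        $path === null ? 'rejected' : build_command('/opt/app/process.py', $path), PHP_EOL;
}

unlink($dir . DIRECTORY_SEPARATOR . 'ok.png');
rmdir($dir);
```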
