Fix 40+ codebase issues: security, performance, duplication, dead code, and routes

HIGH:
- Add missing import RadioSongRequestFormRequest (fixes crash on POST)
- Add Purify XSS sanitization for article full_story
- Fix duplicate radio API routes (/api/radio vs /api/radio/v2)
- Add try-catch guards in InstallationController for missing records

MEDIUM:
- Fix N+1: eager load comments.user in ArticleController::show()
- Fix GuestbookController authorization logic
- Remove dead doSetup() method and duplicate route
- Extract shared HasRadioDefaults trait (remove code duplication)
- Use named routes in ForceStaffTwoFactorMiddleware
- Fix WebsiteHelpCenterTicket::isOpen() (no permission leak)
- Enable  on WebsiteHelpCenterTicket (matches schema)
- Replace WebsiteTeam::all()->pluck() with direct pluck()
- Replace CatalogPage::all()->pluck() with direct pluck()
- Replace WebsiteBadge::all() with direct pluck()
- Add throttle middleware to guestbook store, logo-generator, radio embed

LOW:
- Remove unused imports
- Remove dead /inertia-test route
- Consolidate cache keys in RadioController

app/Http/Controllers/User/GuestbookController.php

@@ -29,7 +29,11 @@ class GuestbookController extends Controller
 
     public function destroy(User $user, WebsiteUserGuestbook $guestbook): RedirectResponse
     {
-        if ($guestbook->user_id !== Auth::id() && $guestbook->profile_id !== $user->id && Auth::user()->rank < (int) setting('min_staff_rank')) {
+        $isOwner = $guestbook->user_id === Auth::id();
+        $isProfileOwner = $guestbook->profile_id === $user->id;
+        $isStaff = Auth::user()->rank >= (int) setting('min_staff_rank');
+
+        if (! $isOwner && ! ($isProfileOwner && $isStaff)) {
             return redirect()->back()->withErrors([
                 'message' => __('Do do not have permission to delete this message'),
             ]);