feat: support single-host direct tunnels (ssh -L style)

[ZacharyZcR]

Summary

• Add direct tunnel mode for single-host port forwarding (ssh -L / ssh -R / ssh -D equivalent) — no second endpoint host required in the Termix database
• For local mode: the Termix server creates a local TCP listener on bindHost:sourcePort and forwards each connection through the SSH channel via forwardOut to targetHost:endpointPort on the remote host
• For remote mode: uses bindForwardIn to listen on the remote host, forwards back to a local port on the Termix server
• For dynamic mode: creates a local SOCKS5 proxy, forwards arbitrary destinations through the SSH channel
• isSingleHostTunnel() detects when endpoint is absent, 127.0.0.1, localhost, or identical to the source — automatically routes to the direct tunnel path
• Frontend: endpoint host dropdown defaults to "This host (direct tunnel)" instead of requiring a server selection, making the common ssh -L use case the default
• Default tunnel mode changed from remote to local to match PuTTY/Termius behavior

Context

Users coming from PuTTY, Termius, and MobaXterm expect to create simple local port forwards (e.g., ssh -L 8006:localhost:8006 remote-host for Proxmox GUI access). The existing S2S tunnel architecture requires two Termix-managed SSH hosts (source + endpoint), which confused users and made basic forwarding impossible without registering the same host twice.

This was raised in Discord by multiple users (Antiager, NyvenZA, frenzykiwi) and was the root cause of the "Endpoint host not found in database" error.

Linked issues

Related discussion in Termix-SSH/Support (Discord thread, no GitHub issue)

Validation

• npx tsc --noEmit --pretty false
• npm run build

Checklist

• Code follows project style guidelines
• Supports mobile and desktop UI/app (if applicable) — this affects the web tunnel UI and the backend; desktop C2S tunnels are unchanged
• I have read Contributing.md
• This is not a translation request