ReDoS advisory for useragent

[codedsultan]

Hi! 👋
I’d like to replace the unmaintained useragent dependency with ua-parser-js. Motivation: long-standing ReDoS concerns around regex backtracking in useragent.

I’ll keep behaviour identical for analytics:

• browser stays one of ie|firefox|chrome|opera|safari|edge (lowercase)
• os stays one of windows|macos|linux|android|ios|other (lowercase)

Implementation outline:

• Add a small helper (server/utils/ua.js) that maps ua-parser-js results to Kutt’s existing values.
• Replace require("useragent") call sites with this helper.
• No other logic or API changes.

Optional follow-up PR (behind env flag): skip obvious bots using isbot with SKIP_BOTS=false by default.

If this direction looks good, I’ll submit PR A (swap lib; no behaviour change) and then PR B (optional bot filtering).
Thanks!