Optimize memory, fix startup, and harden /debug sandbox #83

Open
sandy191020 wants to merge 1 commit into sugarlabs:main from sandy191020:feature/optimize-and-hardened-debug

@sandy191020

Performance Optimization & Security Hardening

This PR introduces improvements across development performance and endpoint security in the Sugar-AI backend.


/debug Endpoint Hardening

Improved security of the /debug endpoint to prevent unsafe code execution and sandbox escape attempts:

  • Implemented strict AST whitelisting (deny-by-default)
  • Blocked all import statements
  • Prevented access to private/magic attributes (__class__, etc.)
  • Restricted execution environment with safe builtins only
  • Added 2-second timeout to prevent infinite loops
  • Sanitized error responses to avoid leaking internal details

Development Memory Optimization

Optimized application startup for low-memory environments:

  • Introduced lazy loading for heavy dependencies (torch, transformers)
  • Refactored model initialization to avoid loading during startup
  • Reduced memory footprint and prevented startup crashes

DEV_MODE Enforcement

Added strict development mode behavior:

  • DEV_MODE=1 disables model loading entirely
  • Ensures fast startup and safe local development
  • Added clear logging for visibility

Compatibility Fixes

  • Updated type hints to support Python 3.9 (typing.Optional)
  • Improved stability across environments

Impact

  • Faster local development startup (~50ms)
  • Reduced memory usage (no model downloads in DEV mode)
  • Secured /debug endpoint against RCE vulnerabilities
  • Improved developer experience and stability

Note for Reviewers

This PR combines multiple improvements (performance + security).
I’m happy to split this into smaller, focused PRs if preferred.
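
One way the checks listed under "/debug Endpoint Hardening" can fit together, as an added example that is not the code from this PR: a deny-by-default AST pass, a reduced builtins table, a 2-second limit, and a generic error on failure. The node allowlist, the builtin list, and the names `violations`, `run_debug` and `_CHILD` are assumptions, and the time limit is enforced here with a child interpreter, which the PR may do differently.

```python
import ast
import subprocess
import sys

# Assumed allowlist for illustration; any node type not listed is refused.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.AugAssign, ast.If, ast.For, ast.While,
    ast.Break, ast.Continue, ast.Pass, ast.Name, ast.Load, ast.Store, ast.Constant,
    ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.Call, ast.keyword,
    ast.Attribute, ast.Subscript, ast.Slice, ast.List, ast.Tuple, ast.Dict,
    ast.operator, ast.unaryop, ast.boolop, ast.cmpop,
)
SAFE_BUILTINS = ("abs", "int", "len", "max", "min", "print", "range", "sorted", "str", "sum")
# Child interpreter: builds the reduced builtins table, then runs the code from stdin.
_CHILD = (
    "import builtins, sys\n"
    "safe = {n: getattr(builtins, n) for n in sys.argv[1].split(',')}\n"
    "exec(compile(sys.stdin.read(), '<debug>', 'exec'), {'__builtins__': safe})\n"
)

def violations(source):
    """Return the reasons a snippet is refused; an empty list means accepted."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return ["syntax error"]
    found = []
    for node in ast.walk(tree):
        name = getattr(node, "attr", None) or getattr(node, "id", None)
        if not isinstance(node, ALLOWED_NODES):  # covers Import, def, class, lambda, ...
            found.append(f"{type(node).__name__} is not allowed")
        elif isinstance(name, str) and name.startswith("_"):
            found.append(f"private name {name!r} is not allowed")
    return found

def run_debug(source, timeout=2.0):
    """Validate, then execute in a separate interpreter under a wall-clock limit."""
    problems = violations(source)
    if problems:
        return {"ok": False, "error": "rejected", "reasons": problems}
    cmd = [sys.executable, "-I", "-c", _CHILD, ",".join(SAFE_BUILTINS)]
    try:
        proc = subprocess.run(cmd, input=source, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:  # subprocess.run kills the child before raising
        return {"ok": False, "error": "timed out"}
    if proc.returncode != 0:
        return {"ok": False, "error": "execution failed"}  # traceback is not returned
    return {"ok": True, "output": proc.stdout}
```

The AST pass and the reduced builtins table narrow what a snippet can reach but are not an isolation boundary on their own. The separate process is where OS-level limits (memory, file system, network) would be applied.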
