Fix PR #124 remaining issues: XSS, state management, DB regression

- kill_all() now resets gsm_spy_scanner_running and related state so
  the scanner thread stops after killall
- scanner_thread sets flag to False instead of None on exit
- Restore alert_rules, alert_events, recording_sessions tables and
  wifi_clients column removed by PR in database.py
- Escape all server-sourced values in analysis modals with escapeHtml()
- Reset gsm_towers_found/gsm_devices_tracked on stop to prevent
  counter drift across sessions
- Replace raw terminate/kill with safe_terminate() in scanner_thread

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app.py

@@ -676,6 +676,7 @@ def kill_all() -> Response:
     global current_process, sensor_process, wifi_process, adsb_process, ais_process, acars_process
     global aprs_process, aprs_rtl_process, dsc_process, dsc_rtl_process, bt_process
     global gsm_spy_livemon_process, gsm_spy_monitor_process
+    global gsm_spy_scanner_running, gsm_spy_active_device, gsm_spy_selected_arfcn, gsm_spy_region
 
     # Import adsb and ais modules to reset their state
     from routes import adsb as adsb_module
@@ -754,6 +755,11 @@ def kill_all() -> Response:
 
     # Reset GSM Spy state
     with gsm_spy_lock:
+        gsm_spy_scanner_running = False
+        gsm_spy_active_device = None
+        gsm_spy_selected_arfcn = None
+        gsm_spy_region = 'Americas'
+
         if gsm_spy_livemon_process:
             try:
                 if safe_terminate(gsm_spy_livemon_process):