v2.6.1

1.Fixed /user/profile returning incorrect ban data
2.Added config.privacy check to GET /dlog/statistics/details
3.Added Authorization header check to middleware if the header exists
4.Added get_sensitive_profile permission to access user email and mfa
5.Added config.perms validator to ensure default permissions are included
6.Improved external plugin handling.
7.Removed config.hcaptcha_secret, added config.captcha with provider and secret property, provider supports cloudflare and hcaptcha.
Note h-captcha-response in JSON data has been renamed to captcha-response.