
Conversation

@nawapon2001
Owner

Potential fix for https://github.com/nawapon2001/TH-shop/security/code-scanning/1

To fix this issue, we must ensure that passwords are never stored in cleartext in localStorage. Instead, we should hash or symmetrically encrypt passwords before storage. Since localStorage operates in the browser without backend support, hashing with a random salt per user (as backend systems do) is impractical and would prevent password verification. Instead, a lightweight client-side encryption (e.g., via the Web Crypto API) can be used. For a quick fix, we can symmetrically encrypt the password before storage and decrypt it only when necessary (preferably never in the client; just compare encrypted values). For demo purposes, the encryption can use a hardcoded key or be derived from a configuration/environment variable.

We need to:

  1. Add a simple symmetric encryption function using the Web Crypto API (or a lightweight JavaScript crypto library).
  2. Update code so that when adding an admin, the password is encrypted before being stored in localStorage.
  3. When listing admins, display only the username (never expose or decrypt the passwords in the UI).
  4. Update the seed admin (line 49) to store the password encrypted.
  5. Optionally, update loadAdmins to decrypt passwords if needed, but ideally never show password values.

Key changes:

  • Insert encryption function above relevant code.
  • Change addAdmin to encrypt p before storage.
  • Change seed admin on line 49 to store encrypted password.
  • Add any required imports.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

nawapon2001 and others added 2 commits September 10, 2025 22:45
…nsitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>