Refactor core API helpers and implement System Testing Dashboard

- Unified and hardened get, post, patch, and delete helpers with standardized retry logic, kebab-case headers, and V3 response envelope handling.
- Implemented robust 'Bootstrap Paradox' resolution logic across the API stack to handle unauthenticated site domain lookups safely.
- Enhanced API helpers to support custom fetch injection, enabling reliable server-side execution in SvelteKit.
- Upgraded /testing page into a comprehensive System Testing Dashboard for core helper and V3 search verification.
- Updated TODO.md and GEMINI.md with 2026-01-08 session learnings and 'Frontier Journals' vision.

src/lib/ae_api/api_get_object.ts

@@ -57,18 +57,18 @@ export const get_object = async function get_object({
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), timeout);
 
-    // Remove a header parameter if it is set to null
-    if (
-        api_cfg['headers'].hasOwnProperty('x-no-account-id') &&
-        api_cfg['headers']['x-no-account-id'] === null
-    ) {
-        delete api_cfg['headers']['x-no-account-id'];
-    }
-
-    // Clean and merge headers
+    // Clean and merge headers without mutating the original api_cfg
     const headers_cleaned: key_val = {};
     const merged_headers = { ...api_cfg['headers'], ...headers };
 
+    // Handle "Bootstrap Paradox" for unauthenticated requests
+    if (merged_headers.hasOwnProperty('x-no-account-id')) {
+        delete merged_headers['x-account-id'];
+        if (merged_headers['x-no-account-id'] === null) {
+            merged_headers['x-no-account-id'] = 'Nothing to See Here';
+        }
+    }
+
     // Standardize all headers to kebab-case and ensure string values
     for (const prop in merged_headers) {
         const prop_cleaned = prop.replaceAll('_', '-');