Bump xtls/xray-core to 50231eaf (v26.7.11) and the three binary pins
(DockerInit.sh, release.yml x2) in lockstep.
Adapt the panel to the upstream changes:
- Shadowsocks "none"/"plain" and VMess "none"/"zero" were removed from
the core. A migration rewrites stored none/plain SS methods to a
supported cipher and none/zero VMess security to "auto" (on both the
clients column and inbound settings JSON); the SS build-time heal does
the same so a row injected after boot cannot brick startup. The removed
values are dropped from every frontend option list, schema and adapter,
and coerced to "auto" at the Go link/sub/Clash emit sites and both link
importers. Fix the CipherType_NONE sentinel that no longer compiles.
- Unencrypted vless/trojan outbounds to a public address are now refused
by the core. Validate outbounds through the vendored config loader when
saving the xray template and when storing/merging outbound
subscriptions, so one such outbound cannot keep the core from starting.
- New TCP finalmask type "xmc" (Minecraft mimicry): add it to the sub
link allowlist, the frontend enum and the FinalMask form (hostname,
usernames, required password), and document it.
- streamSettings gained a "method" alias for "network"; canonicalize it
to "network" at inbound save time and in the form adapters/schema so a
method-keyed config keeps its transport.
- New root "env" config key is passed through xray.Config, compared in
Equals, and forces a restart in the hot diff.
- REALITY now defaults minClientVer to 26.3.27; update the form
placeholder.