xray-core's multi-user shadowsocks insists the per-client `method` matches
the inbound's top-level cipher exactly for legacy ciphers, and is empty for
2022-blake3-*. The previous code (xray.go) copied `Client.Security` into
the per-client `method` blindly, so a multi-protocol client created with
the VMess default `"auto"` poisoned the SS config with `method: "auto"` →
"unsupported cipher method: auto".
Fix in two parts:
- GetXrayConfig no longer projects `Client.Security` into the SS entry;
the inbound's top-level method is now the single source of truth.
- HealShadowsocksClientMethods moves to `database/model` and is invoked
from `Inbound.GenXrayInboundConfig`, so the runtime add/update path
(runtime.AddInbound) is normalised in addition to the full-restart
path. For legacy ciphers heal now overwrites mismatched per-client
methods rather than preserving them, so stale DB rows are also healed.
ad8d58c2b6