[Blocker] security: Update Next.js to v16.1.1 to fix critical SSRF vulnerability
Published on January 7, 2026
## GitHub Update
**Repository:** [MKWcorp/kemitraanbeautycenter](https://github.com/MKWcorp/kemitraanbeautycenter)
**Author:** MKWcorp
**Date:** 1/8/2026, 6:10:15 AM
**Commit:** [`4716d5d`](https://github.com/MKWcorp/kemitraanbeautycenter/commit/4716d5db6502aa8ef202e4f4fc35303312ce9d04)
### Commit Message
security: Update Next.js to v16.1.1 to fix critical SSRF vulnerability

- Updated Next.js from v14.0.0 to v16.1.1
- Fixes critical SSRF vulnerability in Server Actions (GHSA-fr5h-rqp8-mj6g)
- Resolved glob command injection vulnerability
- All npm audit vulnerabilities now resolved (0 remaining)
- Added SECURITY_UPDATE.md documenting changes

References:

- https://nextjs.org/blog/security-update-2025-12-11
- https://github.com/advisories/GHSA-fr5h-rqp8-mj6g
---
_This story was imported from historical commits._