Audit Next.js App for Security Vulnerabilities and Performance Issues | Promptexify
RulesNextJS
Audit Next.js App for Security Vulnerabilities and Performance Issues
A Claude Code prompt to audit a Next.js application for security vulnerabilities and performance bottlenecks.
904 characters
You are a senior Next.js engineer and security specialist. Audit this Next.js codebase and identify all security vulnerabilities and performance bottlenecks. Scan every file in the project. For security, check: secrets or server-only environment variables exposed to the client (including misuse of the NEXT_PUBLIC_ prefix, which inlines a variable into the browser bundle), missing authentication or authorization on API routes, Route Handlers and Server Actions, CSRF on state-changing endpoints, insecure or missing response headers (Content-Security-Policy, X-Frame-Options, Strict-Transport-Security), XSS in rendered user-supplied content, and unsanitized input passed to dangerouslySetInnerHTML. For performance, check: missing or misconfigured next/image usage, unoptimized fonts (next/font), missing React Suspense boundaries, over-fetching in Server Components, large bundle sizes, and missing caching strategies (ISR, revalidate). For each finding: state the file path and line number, describe the issue, assign a severity (Critical/High/Medium/Low), and provide a ready-to-apply code fix. Finish with a remediation checklist ordered by severity.
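The "insecure headers" check in the prompt is the one that is easiest to get subtly wrong: a header can be present and still useless (a CSP with a wildcard script source, an HSTS max-age of a few minutes). The following is an added example, not part of the Promptexify prompt or any project's code, showing the check a reviewer would actually run over the `{ key, value }` header entries that a Next.js `headers()` export in next.config.js returns for a route. The severity mapping, the `auditHeaders` and `scriptSources` names, and both sample configurations are assumptions constructed for illustration; the header names and the hardened values are the standard ones.

```javascript
// Added example: audit the security headers a Next.js route sends.
// Input shape is the [{ key, value }] array used by headers() in next.config.js.
// Severities, function names and sample configs are assumptions for illustration.

// Return the source list for a CSP directive, or null if the directive is absent.
function scriptSources(csp) {
  const directives = csp.split(';').map((d) => d.trim()).filter(Boolean);
  const find = (name) =>
    directives.find((d) => d.toLowerCase() === name || d.toLowerCase().startsWith(name + ' '));
  // script-src falls back to default-src per the CSP spec.
  const d = find('script-src') || find('default-src');
  return d ? d.split(/\s+/).slice(1).map((s) => s.toLowerCase()) : null;
}

const CHECKS = [
  {
    name: 'Content-Security-Policy',
    severity: 'High',
    validate(value) {
      const sources = scriptSources(value);
      if (!sources) return 'no script-src or default-src directive';
      if (sources.includes('*')) return 'script sources allow any origin (*)';
      // 'unsafe-inline' is ignored by CSP3 browsers when a nonce or hash is present,
      // so only flag it when nothing else restricts inline scripts.
      const nonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
      if (sources.includes("'unsafe-inline'") && !nonceOrHash) {
        return "'unsafe-inline' scripts allowed without a nonce or hash";
      }
      return null;
    },
  },
  {
    name: 'X-Frame-Options',
    severity: 'Medium',
    validate(value) {
      return /^(DENY|SAMEORIGIN)$/i.test(value.trim()) ? null : `unexpected value "${value}"`;
    },
  },
  {
    name: 'Strict-Transport-Security',
    severity: 'Medium',
    validate(value) {
      const m = /max-age=(\d+)/i.exec(value);
      if (!m) return 'no max-age directive';
      if (Number(m[1]) < 31536000) return `max-age ${m[1]} is under one year`;
      return null;
    },
  },
];

// Audit one route's header entries; returns [{ header, severity, issue }].
function auditHeaders(headerEntries) {
  const present = new Map(headerEntries.map((h) => [h.key.toLowerCase(), h.value]));
  const findings = [];
  for (const check of CHECKS) {
    const value = present.get(check.name.toLowerCase());
    if (value === undefined) {
      findings.push({ header: check.name, severity: check.severity, issue: 'missing' });
      continue;
    }
    const issue = check.validate(value);
    if (issue) findings.push({ header: check.name, severity: check.severity, issue });
  }
  return findings;
}

// Constructed sample: a configuration that "has a CSP" but protects nothing.
const weakHeaders = [
  { key: 'Content-Security-Policy', value: "default-src *; script-src * 'unsafe-inline'" },
  { key: 'Strict-Transport-Security', value: 'max-age=300' },
];

// Constructed sample: the hardened equivalent. A real Next.js app needs a per-request
// nonce generated in middleware for its inline hydration scripts; 'nonce-abc123' here
// is a placeholder, not a value to ship.
const hardenedHeaders = [
  {
    key: 'Content-Security-Policy',
    value:
      "default-src 'self'; script-src 'self' 'nonce-abc123' 'strict-dynamic'; " +
      "object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
  },
  { key: 'X-Frame-Options', value: 'DENY' },
  { key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubDomains; preload' },
];

console.log('weak:', auditHeaders(weakHeaders));
console.log('hardened:', auditHeaders(hardenedHeaders));
```

Run against the weak sample this reports three findings (wildcard script sources, X-Frame-Options missing, HSTS max-age under a year) and none against the hardened one. The `frame-ancestors 'none'` directive already covers what X-Frame-Options does in current browsers; keeping both is the usual belt-and-braces choice for older clients.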