Fix CORS policy for admin.dark.side domain

- Add https://admin.dark.side and http://admin.dark.side to ProductionCors allowed origins
- Increment version to 1.0.6
- Fixes push notification CORS blocking issue

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

LittleShop/Program.cs

@@ -288,7 +288,11 @@ builder.Services.AddCors(options =>
         corsBuilder =>
         {
             var allowedOrigins = builder.Configuration.GetSection("CORS:AllowedOrigins").Get<string[]>()
-                ?? new[] { "https://littleshop.silverlabs.uk" };
+                ?? new[] {
+                    "https://littleshop.silverlabs.uk",
+                    "https://admin.dark.side",
+                    "http://admin.dark.side"
+                };
 
             corsBuilder.WithOrigins(allowedOrigins)
                    .AllowAnyMethod()