refactor: deduplicate sha1Hex/writeJSON/writeError into pkg/utils

- admin.go: replace local sha1Hex, sha256Hex, writeJSON, writeError with pkg/utils equivalents
- auth.go: replace local writeJSON with utils.WriteJSON; rewrite writeError as thin wrapper
- cas.go: remove local sha1Hex and unused writeJSON; use utils.SHA1Bytes
- pkg/utils.go: add WriteJSON, WriteError; reorder imports

pkg/utils/utils.go

@@ -1,19 +1,23 @@
-// package utils provides shared utility functions (SHA-1, SHA-256, ZIP, etc.).
+// package utils provides shared utility functions (hashing, HTTP helpers, ZIP).
+
 package utils
 
 import (
+	"archive/zip"
 	"bytes"
 	"crypto/sha1"
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/json"
 	"io"
+	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
-
-	"archive/zip"
 )
 
+// ── Hashing ────────────────────────────────────────────────────
+
 // SHA1Bytes returns the SHA-1 hex string of the given data.
 func SHA1Bytes(data []byte) string {
 	h := sha1.Sum(data)
@@ -41,6 +45,22 @@ func SHA1File(path string) (string, error) {
 	return hex.EncodeToString(h.Sum(nil)), nil
 }
 
+// ── HTTP helpers ───────────────────────────────────────────────
+
+// WriteJSON writes a JSON response with the given status code.
+func WriteJSON(w http.ResponseWriter, status int, v any) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	_ = json.NewEncoder(w).Encode(v)
+}
+
+// WriteError writes a JSON error response.
+func WriteError(w http.ResponseWriter, status int, msg string) {
+	WriteJSON(w, status, map[string]string{"error": msg})
+}
+
+// ── ZIP ────────────────────────────────────────────────────────
+
 // Unzip extracts a ZIP archive to the destination directory.
 // Returns the list of extracted file paths.
 // Protects against zip-slip by validating that each entry's target path