bind to loopback by default and serve concurrently

`run.py` and the server defaults exposed the dashboard on every
interface with no authentication. Default to 127.0.0.1; the Docker
entrypoint still passes --host 0.0.0.0 explicitly, so containers are
unaffected. Document the override in the --host help text.

Also switch from HTTPServer to ThreadingHTTPServer so one slow
investigation (subdomain enumeration / whois / ~200 social URL
probes) no longer blocks every other request.

eirescope/web/app.py

@@ -5,7 +5,7 @@ import json
 import logging
 import mimetypes
 import urllib.parse
-from http.server import HTTPServer, BaseHTTPRequestHandler
+from http.server import ThreadingHTTPServer, BaseHTTPRequestHandler
 from jinja2 import Environment, FileSystemLoader
 
 # Add project root to path
@@ -266,14 +266,14 @@ class EireScopeHandler(BaseHTTPRequestHandler):
             self._html_response(f"<h1>{code}</h1><p>{message}</p>", status=code)
 
 
-def create_server(host: str = "0.0.0.0", port: int = 5000) -> HTTPServer:
+def create_server(host: str = "127.0.0.1", port: int = 5000) -> ThreadingHTTPServer:
     """Create and return the EireScope HTTP server."""
-    server = HTTPServer((host, port), EireScopeHandler)
+    server = ThreadingHTTPServer((host, port), EireScopeHandler)
     logger.info(f"EireScope server ready at http://{host}:{port}")
     return server
 
 
-def run_server(host: str = "0.0.0.0", port: int = 5000):
+def run_server(host: str = "127.0.0.1", port: int = 5000):
     """Start the EireScope web server."""
     logging.basicConfig(
         level=logging.INFO,

run.py

@@ -15,8 +15,8 @@ def main():
         description="EireScope — Open-Source Intelligence Investigation Dashboard"
     )
     parser.add_argument(
-        "--host", default="0.0.0.0",
-        help="Host to bind to (default: 0.0.0.0)"
+        "--host", default="127.0.0.1",
+        help="Host to bind to (default: 127.0.0.1; use 0.0.0.0 to expose externally)"
     )
     parser.add_argument(
         "--port", type=int, default=5000,