3.36.0

Trust cache TTL and size for Basics Station CUPS server with defaults set to 5 mins and 1024 entries.

Network Operations Center now uses combined materialized views for application statistics queries, improving performance by eliminating JOINs and using tiered aggregation (hourly for <=7 days, daily for >7 days).
- This requires a Network Operations Center database migration (ttn-lw-stack noc-db migrate).
Network Operations Center now uses existing continuous aggregates for ActiveMetrics queries (QueryApplicationsActiveMetrics, QueryGatewaysActiveMetrics), improving performance by using pre-aggregated data with tiered aggregation (hourly for <=3 days, daily for >3 days).
Network Operations Center now uses daily continuous aggregates for DataRatesPacketCount queries, improving performance by using tiered aggregation (hourly for <=7 days, daily for >7 days).
- This requires a Network Operations Center database migration (ttn-lw-stack noc-db migrate).
Network Operations Center now uses tiered continuous aggregates for Channel queries (QueryEndDeviceChannelsPacketCount, QueryGatewayChannelsPacketCount, QueryGatewayChannelsUtilization), improving performance by using hourly/daily aggregation and removing time_bucket_gapfill().
- This requires a Network Operations Center database migration (ttn-lw-stack noc-db migrate).
- Note: QueryGatewayChannelsUtilization no longer fills gaps with zeros.
Improve certificate selection logic to use the last CA in the chain.

TenantRegistry.ReleaseGatewayEUI now correctly releases the gateway EUI. This only impacts operations performed by tenant administrators.
The timestamp of the udp packet is now always correct when the ‘Schedule downlink late’ is enabled for the gateway and downlink scheduling hits the duty cycle limit.

HTML-escape gRPC error messages and error detail attributes to prevent reflected XSS in API error responses.