(bugfix) Guard dry-run logs and recursive rsync defaults

Clear the reused dry-run rsync log before each dry-run so run details
only show output from the current execution.

Populate new Django global configs with the existing safe rsync and
exclude defaults, including archive mode and standard pseudo-filesystem
exclusions.

Add a host check that fails when effective rsync args do not include
archive or recursive transfer, preventing real backups that only report
"skipping directory .".

src/pobsync_backend/tests/test_views.py

@@ -331,6 +331,8 @@ class ViewTests(TestCase):
 
         self.assertEqual(response.status_code, 200)
         self.assertContains(response, f'value="{credential.id}" selected')
+        self.assertContains(response, "--archive")
+        self.assertContains(response, "/proc/***")
 
     def test_global_config_form_renders_static_container_backup_root_on_edit(self) -> None:
         self.client.force_login(self.staff_user)
@@ -522,6 +524,17 @@ class ViewTests(TestCase):
             self.assertTrue((backup_root / host.host / "manual").is_dir())
             self.assertTrue((backup_root / host.host / ".incomplete").is_dir())
 
+    def test_host_detail_warns_when_rsync_is_not_recursive(self) -> None:
+        self.client.force_login(self.staff_user)
+        GlobalConfig.objects.create(name="default", backup_root="/backups", rsync_args=[])
+        host = HostConfig.objects.create(host="web-01", address="web-01.example.test")
+
+        response = self.client.get(reverse("host_detail", args=[host.host]))
+
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "Host rsync recursion")
+        self.assertContains(response, "Rsync args do not include archive or recursive transfer.")
+
     def test_scan_host_known_key_action_updates_selected_credential(self) -> None:
         self.client.force_login(self.staff_user)
         credential = SshCredential.objects.create(name="default-key", key_path="/var/lib/pobsync/state/ssh-credentials/1/identity")