Complete app overhaul and new features #4

Open
Letdown2491 wants to merge 6 commits into vcavallo:master from Letdown2491:master
@Letdown2491
Contributor

Way too much in this commit, but changes are below. Live instance available for testing at the link in your DMs. I believe this release achieves phases 1-4 of the html-to-nateoas document you posted so please verify and let me know.

New Features

  1. Docker support - Multi-stage Dockerfile with docker-compose.yml, optional Redis profile, health checks, non-root user
  2. HelmJS integration - Progressive enhancement for partial page updates with SSE auto-refresh on config reload
  3. Full-text search (/html/search) - NIP-50 search with debounced input and skeleton loading states
  4. Profile editing (/html/profile/edit) - Update display name, about, avatar, banner, website, NIP-05, Lightning address
  5. GIF picker - Giphy integration with compose page for no-JS media attachments
  6. Mute/block lists - Content filtering (pubkeys, event IDs, hashtags, words) with management page (/html/mutes)
  7. i18n support - Internationalization with config/i18n/*.json string files
  8. Autopoll Follows feed - 60s interval polling, pauses when tab hidden
  9. Metrics and health checks - /metrics, /health, /health/live, /health/ready endpoints, useful for Prometheus and Docker
  10. Redis caching - Optional distributed cache backend via REDIS_URL (falls back to in-memory)
  11. Configurable navigation - Data-driven UI via JSON config files (actions, navigation, relays, i18n)
  12. Hot reload support - SIGHUP reloads config, SSE broadcasts to connected browsers for auto-refresh
  13. SSE endpoints - Live timeline updates, notifications, config reload notifications
  14. Quality check tools - Accessibility (WCAG 2.1), markup, HATEOAS, NATEOAS, i18n, and security analyzers (cmd/)
  15. NWC wallet integration - Nostr Wallet Connect (NIP-47) with connection pooling, balance queries, transaction history, wallet management page (/html/wallet)
  16. Zap payments - NIP-57 zaps with LNURL-pay resolution (lud16/lud06), invoice fetching, SSRF protection
  17. Quote reposts - Quote posts with commentary, embedded original note rendering
  18. Follow/unfollow - Kind 3 contact list management with toggle buttons
  19. Theme switching - Light/dark mode toggle with cookie persistence
  20. Notification system - Real-time notifications via SSE with badge updates, notification list page
  21. No-JS compose page - Fallback compose page (/html/compose) for media attachments without JavaScript
  22. New DEVELOPMENT.md and API.md documentation

General Improvements

  1. Relay health and scoring system - Response time tracking, failure backoff, smart prioritization, keepalive ping
  2. Session state caching - Bookmarks, reactions, reposts cached for instant UI indicators
  3. Negative caching - Profile cache stores "not found" results to prevent repeated lookups
  4. Template modularization - Split into templates/ directory with reusable fragments
  5. OOB (Out-of-Band) updates - Navigation state sync across partial page loads
  6. Structured JSON logging - slog-based with LOG_LEVEL control and request ID tracing
  7. External CSS (/static/style.css) - Improved rendering, caching, and maintainability
  8. GZIP compression - GZIP_ENABLED for static assets and dynamic responses
  9. Kind-specific templates - Modular rendering for notes, photos, videos, articles, highlights, livestreams, classifieds
  10. Avatar URL validation - Fallback to generic avatar on invalid URLs
  11. Link preview caching - Automatic cleanup of stale previews
  12. Image host preloading - Preconnect hints for common Nostr image hosts
  13. Flash messages - Success/error feedback across redirects
  14. Fixed event prefetching to use logged-in user's NIP-65 relay list
  15. Mobile browser optimizations
  16. New notes indicator - Polling check endpoint (/html/timeline/check-new) with "X new notes" banner
  17. Template-based rendering for various kind types (pictures, videos, articles, livestream, classifieds)

Security Improvements

  1. HSTS support - HSTS_ENABLED and HSTS_MAX_AGE for HTTPS deployments
  2. Trusted proxy detection - TRUSTED_PROXY_COUNT prevents IP spoofing for rate limiting
  3. Rate limiting infrastructure - In-memory and Redis implementations
  4. Secure cookie handling - Auto-detected in production, explicit SECURE_COOKIES override
  5. Session ID hardening - Refuses creation if crypto/rand fails (no timestamp fallback)
  6. Pre-computed CSP headers - Generated once at startup, not per-request
  7. Nostr Connect flow - nostrconnect:// URI for signer discovery
  8. NIP-42 AUTH handling - Challenge-response authentication with relays
  9. LNURL SSRF protection - Validates Lightning invoice endpoints against internal networks
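
Added example, not code from this pull request: one way a setting like TRUSTED_PROXY_COUNT (Security Improvements, item 2) can stop a forged X-Forwarded-For header from choosing the rate-limit key. The header semantics are an assumption, and `clientIP` and `sampleRequest` are hypothetical names; the PR's own implementation is not shown on this page.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// clientIP returns the address to rate-limit on. trustedProxies is assumed to
// mean "reverse proxies we operate in front of the app". Each of them appends
// the peer it saw to X-Forwarded-For, so only the rightmost entries are
// trustworthy; everything further left is client-controlled.
func clientIP(r *http.Request, trustedProxies int) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	if trustedProxies <= 0 {
		return peer // no proxy configured: ignore the header entirely
	}
	var chain []string
	for _, h := range r.Header.Values("X-Forwarded-For") {
		for _, p := range strings.Split(h, ",") {
			chain = append(chain, strings.TrimSpace(p))
		}
	}
	chain = append(chain, peer) // the TCP peer is the last hop
	i := len(chain) - 1 - trustedProxies
	if i < 0 || net.ParseIP(chain[i]) == nil {
		return peer // header shorter than expected or malformed: fail safe
	}
	return chain[i]
}

// sampleRequest builds a constructed request for the demonstration.
func sampleRequest(remoteAddr string, xff ...string) *http.Request {
	r := &http.Request{RemoteAddr: remoteAddr, Header: http.Header{}}
	for _, v := range xff {
		r.Header.Add("X-Forwarded-For", v)
	}
	return r
}

func main() {
	// The client sent a forged "127.0.0.1"; the one trusted proxy appended 203.0.113.7.
	spoofed := sampleRequest("10.0.0.2:41000", "127.0.0.1, 203.0.113.7")
	fmt.Println(clientIP(spoofed, 1)) // 203.0.113.7
	fmt.Println(clientIP(spoofed, 0)) // 10.0.0.2
}
```

Setting the count higher than the real number of proxies moves the index into the client-controlled part of the header, so the value has to match the deployment exactly.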
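
Added example, not code from this pull request: a sketch of the kind of check the LNURL SSRF item (Security Improvements, item 9) describes, rejecting an endpoint whose host is or resolves to an internal address. `checkEndpoint`, `isInternal` and `fakeDNS` are hypothetical names, the https-only rule is an assumption, and the DNS records are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// isInternal reports whether ip is an address the server must not fetch from.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// checkEndpoint validates a URL taken from untrusted LNURL metadata. lookup is
// injectable (net.LookupIP in production) so this demonstration runs offline.
func checkEndpoint(raw string, lookup func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return errors.New("endpoint must be an absolute https URL")
	}
	ips := []net.IP{net.ParseIP(u.Hostname())}
	if ips[0] == nil { // not an IP literal, so resolve the name
		if ips, err = lookup(u.Hostname()); err != nil || len(ips) == 0 {
			return errors.New("endpoint host does not resolve")
		}
	}
	for _, ip := range ips {
		if isInternal(ip) { // one internal record is enough to reject
			return fmt.Errorf("endpoint resolves to internal address %s", ip)
		}
	}
	return nil
}

// fakeDNS is a constructed resolver with made-up records.
func fakeDNS(host string) ([]net.IP, error) {
	return map[string][]net.IP{
		"pay.example.com":   {net.ParseIP("203.0.113.10")},
		"mixed.example.net": {net.ParseIP("203.0.113.10"), net.ParseIP("10.0.0.5")},
	}[host], nil
}

func main() {
	fmt.Println(checkEndpoint("https://pay.example.com/.well-known/lnurlp/alice", fakeDNS))
	fmt.Println(checkEndpoint("https://mixed.example.net/lnurlp/alice", fakeDNS))
	fmt.Println(checkEndpoint("https://[::1]:8080/lnurlp/alice", fakeDNS))
}
```

A check made before the fetch only holds if the HTTP client connects to the address that was validated, so the dial should be pinned to that IP or re-checked at connect time. Redirect targets need the same validation.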

@Letdown2491 Letdown2491 mentioned this pull request Dec 17, 2025
…eanup, additional improvements, and updated documentation.
@Letdown2491
Contributor Author

Tons more stuff including full outbox model, new kind templates, note1/npub/nevent/naddr resolution, content warning support on note creation and timeline (hidden by spoiler warning), user muting, npub resolution inline in note create (to @ other users), speed improvements and more. Will add a full list soon.

@Letdown2491
Contributor Author

Created new dialer to improve relay DNS and fixed a race condition that prevented users from logging in via bunker:// URIs.
