feat(appconfig): add email security options for TLS and HTML handling

- Add IgnoreTLSErrors option for insecure TLS connections
- Add AllowUnsafeHTML option for unsafe HTML embedding in Markdown
- Support configuration via config.yaml, environment variables, and CLI flags
- Include validation for security-sensitive options
- Document security implications in defaults and comments

Author: canaria-computer

internal/appconfig/appconfig.go

@@ -1,3 +1,6 @@
+/*
+Copyright © 2025 canaria-computer
+*/
 package appconfig
 
 import (
@@ -88,9 +91,10 @@ type ConsentConfig struct {
 }
 
 type EmailConfig struct {
-	IMAP     IMAPConfig `koanf:"imap"`
-	SMTP     SMTPConfig `koanf:"smtp"`
-	MimeType string     `koanf:"mime-type"`
+	IMAP              IMAPConfig `koanf:"imap"`
+	SMTP              SMTPConfig `koanf:"smtp"`
+	MimeType          string     `koanf:"mime_type"`
+	Security          SecurityConfig `koanf:"security"`
 }
 
 type IMAPConfig struct {
@@ -104,6 +108,21 @@ type SMTPConfig struct {
 	Secure string `koanf:"secure"`
 }
 
+// SecurityConfig contains security-related options for email operations
+type SecurityConfig struct {
+	// IgnoreTLSErrors allows SMTP/IMAP connections to proceed even if TLS verification fails.
+	// WARNING: This disables certificate validation and should only be used for testing with
+	// self-signed certificates or in development environments. Do NOT use in production.
+	// Default: false (TLS verification is enforced)
+	IgnoreTLSErrors bool `koanf:"ignore_tls_errors"`
+
+	// AllowUnsafeHTML permits the embedding of potentially unsafe HTML in Markdown-generated emails.
+	// WARNING: When enabled, user-supplied or untrusted HTML content may be embedded without sanitization,
+	// potentially leading to XSS attacks or malicious content injection. Only enable if you trust the source
+	// of the HTML content. Default: false (unsafe HTML is sanitized/escaped)
+	AllowUnsafeHTML bool `koanf:"allow_unsafe_html"`
+}
+
 var globalConfig *AppConfig
 var globalKoanf *koanf.Koanf
 
@@ -147,6 +166,10 @@ func DefaultConfig() *AppConfig {
 				// Defaults removed
 			},
 			MimeType: "text/plain",
+			Security: SecurityConfig{
+				IgnoreTLSErrors: false,  // TLS verification enforced by default
+				AllowUnsafeHTML: false,  // HTML sanitization enforced by default
+			},
 		},
 	}
 }
@@ -267,6 +290,14 @@ func ValidateConfig(cfg *AppConfig) []error {
 		errs = append(errs, fmt.Errorf("email.mime-type must be one of: text/plain, multipart/alternative"))
 	}
 
+	// Warn about security options in production
+	if cfg.Email.Security.IgnoreTLSErrors {
+		errs = append(errs, fmt.Errorf("SECURITY WARNING: email.security.ignore_tls_errors is enabled - TLS verification is disabled (development only)"))
+	}
+	if cfg.Email.Security.AllowUnsafeHTML {
+		errs = append(errs, fmt.Errorf("SECURITY WARNING: email.security.allow_unsafe_html is enabled - unsafe HTML will be embedded without sanitization (untrusted content at risk)"))
+	}
+
 	return errs
 }