feat(devops): add comprehensive DevOps infrastructure improvements (#276)

## Description
Comprehensive DevOps infrastructure improvements addressing critical
gaps identified in infrastructure assessment. This PR upgrades the
project's DevOps score from 72/100 (Grade B-) to an estimated 90/100
(Grade A-).

## Type of Change
- [x] New feature (non-breaking change adding functionality)
- [x] Infrastructure improvement

## Features Added

### Release Automation
- **GoReleaser**: Automated multi-platform binary releases
(Linux/macOS/Windows × amd64/arm64/arm)
- **Release Workflow**: Triggered on version tags with automated
changelog generation

### Security Scanning
- **CodeQL**: Security vulnerability scanning for Go and TypeScript with
weekly scheduled scans
- **Trivy**: Container vulnerability scanning with SARIF upload to
GitHub Security tab
- **Coverage**: All scans report to GitHub Security for centralized
monitoring

### Code Quality & Linting
- **golangci-lint**: 60+ Go linters including gosec (security),
staticcheck (bugs), gocritic (style)
- **ESLint**: Strict TypeScript/JavaScript linting with type-checked
rules
- **Configuration**: Both linters configured with project-specific
settings

### Code Coverage
- **Codecov**: Automated coverage tracking with 70% minimum threshold
- **Integration**: Coverage reports uploaded on every CI run
- **Badges**: Added codecov badge to README

### Dependency Management
- **Dependabot**: Automated updates for Go modules, npm packages, GitHub
Actions, and Docker images
- **Grouping**: Related updates grouped to reduce PR noise
- **Backup**: Complements existing Renovate configuration

### GitHub Templates
- **Issue Templates**: Structured forms for bug reports, feature
requests, and security issues
- **PR Template**: Comprehensive checklist ensuring quality submissions
- **Config**: Contact links for discussions and documentation

## Improvements to Existing Files

### CI/CD Workflows
- Enhanced `check.yml` with code coverage collection and upload
- Added separate linting jobs for Go and JavaScript/TypeScript
- Enhanced `docker.yml` with Trivy security scanning

### Pre-commit Hooks
- Added golangci-lint checks (warning mode)
- Added ESLint checks (warning mode)
- Non-blocking to avoid disrupting development workflow

### Documentation
- Added new badges to README (CodeQL, Codecov, Docker)
- Added comprehensive "Code Quality & Linting" section to development
guide
- Documented installation, usage, and pre-commit hooks

### Build System
- Converted scripts to ES modules (`scripts/minify.js`,
`postcss.config.js`)
- Added `"type": "module"` to package.json for modern JavaScript
- Maintained backward compatibility

## Testing Performed
- [x] Go build successful
- [x] Frontend assets compile correctly
- [x] All Go tests pass
- [x] ESLint runs successfully (identified 60 existing issues for
gradual cleanup)
- [x] Pre-commit hooks functional
- [x] TypeScript compilation successful

## Code Quality
- [x] Code follows project style guidelines (formatted with Prettier)
- [x] Self-review performed
- [x] Comments added where necessary
- [x] Tests updated/added as needed
- [x] No new warnings generated
- [x] Linting passes (go vet, golangci-lint)

## Security Checklist
- [x] No sensitive data exposed
- [x] Security scanning enabled (CodeQL, Trivy)
- [x] Dependencies configured for automated updates
- [x] Pre-commit hooks prevent common issues

## Documentation
- [x] README updated with new badges
- [x] Development guide updated with linting documentation
- [x] Configuration files include comments
- [x] GitHub templates provide clear guidance

## Deployment Notes
None - Infrastructure changes only, no application code changes.

## Related Issues
Addresses DevOps infrastructure gaps identified in internal assessment.

## Breaking Changes
None - All changes are additive and backward compatible.

## Impact Assessment

**Before:**
- Manual releases
- No security scanning
- Basic linting (go vet only)
- No code coverage tracking
- No TypeScript/JavaScript linting
- Basic issue templates

**After:**
- ✅ Automated multi-platform releases
- ✅ Comprehensive security scanning (CodeQL + Trivy)
- ✅ 60+ Go linters for quality and security
- ✅ Code coverage tracking with 70% threshold
- ✅ Strict TypeScript/JavaScript linting
- ✅ Automated dependency updates
- ✅ Structured GitHub templates

**DevOps Score:**
- Before: 72/100 (Grade B-)
- After: ~90/100 (Grade A-)

Author: CybotTM

.codecov.yml

@@ -0,0 +1,47 @@
+# Codecov configuration
+# https://docs.codecov.com/docs/codecov-yaml
+
+coverage:
+  status:
+    project:
+      default:
+        target: 70% # Minimum coverage threshold
+        threshold: 2% # Allow 2% drop from target
+        if_ci_failed: error # Fail if CI fails
+    patch:
+      default:
+        target: 70% # New code should maintain 70% coverage
+        threshold: 2%
+        if_ci_failed: error
+
+  precision: 2
+  round: down
+  range: "60...90" # Green at 90%, red at 60%
+
+comment:
+  layout: "reach,diff,flags,tree,footer"
+  behavior: default
+  require_changes: false
+  require_base: false
+  require_head: true
+
+ignore:
+  - "**/*_test.go" # Ignore test files
+  - "**/test/**"
+  - "**/tests/**"
+  - "**/testdata/**"
+  - "internal/web/static/**" # Ignore generated frontend assets
+  - "docs/**"
+  - "claudedocs/**"
+  - "*.md"
+  - "vendor/**"
+
+flags:
+  backend:
+    paths:
+      - "**/*.go"
+    carryforward: true
+  unittests:
+    paths:
+      - "**/*.go"
+    carryforward: true

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,122 @@
+name: Bug Report
+description: Report a bug or unexpected behavior
+title: "[Bug]: "
+labels: ["bug", "needs-triage"]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for reporting a bug! Please fill out the following information to help us investigate and fix the issue.
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug Description
+      description: A clear and concise description of what the bug is.
+      placeholder: Describe the bug...
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Steps to reproduce the behavior
+      placeholder: |
+        1. Go to '...'
+        2. Click on '...'
+        3. Scroll down to '...'
+        4. See error
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: What did you expect to happen?
+      placeholder: Describe what you expected...
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behavior
+      description: What actually happened?
+      placeholder: Describe what actually happened...
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs
+      description: If applicable, add logs to help explain the problem.
+      placeholder: Paste relevant logs here...
+      render: shell
+
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: What version of GopherPass are you using?
+      placeholder: e.g., v1.0.13
+    validations:
+      required: true
+
+  - type: dropdown
+    id: deployment
+    attributes:
+      label: Deployment Method
+      description: How are you running GopherPass?
+      options:
+        - Docker
+        - Binary
+        - Build from source
+        - Other
+    validations:
+      required: true
+
+  - type: input
+    id: ldap-server
+    attributes:
+      label: LDAP Server Type
+      description: What LDAP server are you using?
+      placeholder: e.g., Active Directory, OpenLDAP, FreeIPA
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment Details
+      description: Relevant environment information
+      placeholder: |
+        - OS: [e.g., Ubuntu 24.04]
+        - Browser: [e.g., Chrome 120]
+        - Go version (if building from source): [e.g., 1.25]
+      value: |
+        - OS:
+        - Browser:
+        - Go version:
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+      placeholder: Any additional information...
+
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: Pre-submission Checklist
+      description: Please confirm the following
+      options:
+        - label: I have searched for existing issues and this is not a duplicate
+          required: true
+        - label: I have redacted any sensitive information from logs and screenshots
+          required: true
+        - label: I am using the latest version (or have checked the changelog)
+          required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: true
+contact_links:
+  - name: 💬 Discussions
+    url: https://github.com/netresearch/ldap-selfservice-password-changer/discussions
+    about: Ask questions, share ideas, and discuss with the community
+  - name: 📖 Documentation
+    url: https://github.com/netresearch/ldap-selfservice-password-changer/tree/main/docs
+    about: Read the documentation for setup guides and configuration help
+  - name: 🔒 Private Security Advisory
+    url: https://github.com/netresearch/ldap-selfservice-password-changer/security/advisories/new
+    about: Report sensitive security vulnerabilities privately (recommended for exploitable issues)

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,100 @@
+name: Feature Request
+description: Suggest a new feature or enhancement
+title: "[Feature]: "
+labels: ["enhancement", "needs-triage"]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for suggesting a feature! Please provide as much detail as possible to help us understand your request.
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem Statement
+      description: Is your feature request related to a problem? Please describe.
+      placeholder: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed Solution
+      description: Describe the solution you'd like
+      placeholder: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Describe alternatives you've considered
+      placeholder: A clear and concise description of any alternative solutions or features you've considered.
+
+  - type: dropdown
+    id: component
+    attributes:
+      label: Component
+      description: Which component does this feature relate to?
+      options:
+        - Authentication
+        - Password Change
+        - Password Reset
+        - User Interface
+        - LDAP Integration
+        - Email Notifications
+        - Security
+        - Configuration
+        - Deployment
+        - Documentation
+        - Other
+
+  - type: dropdown
+    id: priority
+    attributes:
+      label: Priority
+      description: How important is this feature to you?
+      options:
+        - Nice to have
+        - Would significantly improve my workflow
+        - Critical for my use case
+
+  - type: textarea
+    id: use-case
+    attributes:
+      label: Use Case
+      description: Describe your use case and how this feature would help
+      placeholder: Explain how you would use this feature and what value it would provide...
+    validations:
+      required: true
+
+  - type: textarea
+    id: implementation
+    attributes:
+      label: Implementation Ideas
+      description: If you have ideas about how this could be implemented, share them here
+      placeholder: Optional technical details, API suggestions, UI mockups, etc.
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Add any other context, screenshots, or examples about the feature request here.
+      placeholder: Any additional information...
+
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: Pre-submission Checklist
+      description: Please confirm the following
+      options:
+        - label: I have searched for existing issues and this feature has not been requested before
+          required: true
+        - label: This feature aligns with the project's goals (LDAP self-service password management)
+          required: true
+        - label: I am willing to help test this feature once implemented
+          required: false