Fixed issues:
- gochecknoglobals: moved vipsOnce into ImageProcessor struct field
- gosec G703 (path traversal): added nolint for hash-derived paths (matching existing pattern)
- gosec G704 (SSRF): added URL validation (scheme + host) before HTTP request
- gosec G306: changed file permissions from 0640 to named constant StorageFilePerm (0600)
- nlreturn: added blank lines before 7 return statements
- revive unused-parameter: renamed unused 'groups' parameter to '_'
- unused field: removed unused metaCacheMu from Cache struct
Note: gosec G703/G704 taint analysis traces data flow from function parameters
through all operations. No code-level sanitizer (filepath.Clean, URL validation,
hex validation) breaks the taint chain. Used nolint:gosec matching the existing
pattern in storage.go for the same false-positive class (paths derived from
SHA256 content hashes, not user input).
- Replace gen2brain/avif, gen2brain/webp, disintegration/imaging with govips
- govips uses libvips via CGO for fast native image processing
- Add libheif-dev to Dockerfile for AVIF support
- Add docker-test Makefile target for running tests in Docker
- Update processor.go to use vips API for decode, resize, encode
- Add TestMain to initialize/shutdown vips in tests
- Remove WASM-based libraries (gen2brain) in favor of native codecs
Performance improvement: AVIF encoding now uses native libheif instead of
WASM, significantly reducing encoding time for large images.
Test verifies that images can be encoded to AVIF format.
Currently fails because AVIF encoding is not implemented.
Removes the rejection test for AVIF output format.
TDD: This test expects WebP encoding to succeed. It currently fails
because WebP encoding is not implemented (returns ErrUnsupportedOutputFormat).
The test will pass once we add the gen2brain/webp library.
Implements the Processor interface using disintegration/imaging library.
Supports JPEG, PNG, GIF, WebP decoding and JPEG, PNG, GIF encoding.
Includes all fit modes: cover, contain, fill, inside, outside.
