fix: resolve all golangci-lint issues

Fixes #32

Changes:
- middleware.go: use max() builtin, strconv.Itoa, fix wsl whitespace
- database.go: fix nlreturn, noinlineerr, wsl whitespace
- handlers.go: remove unnecessary template.HTML conversion, unused import
- app.go: extract cleanupContainer to fix nestif, fix lll
- client.go: break long string literals to fix lll
- deploy.go: fix wsl whitespace
- auth_test.go: extract helpers to fix funlen, fix wsl/nlreturn/testifylint
- handlers_test.go: deduplicate IDOR tests, fix paralleltest
- validation_test.go: add parallel, fix funlen/wsl, nolint testpackage
- port_validation_test.go: add parallel, nolint testpackage
- ratelimit_test.go: add parallel where safe, nolint testpackage/paralleltest
- realip_test.go: add parallel, use NewRequestWithContext, fix wsl/funlen
- user.go: (noinlineerr already fixed by database.go pattern)

internal/database/database.go

@@ -172,6 +172,7 @@ func (d *Database) connect(ctx context.Context) error {
 // HashWebhookSecret returns the hex-encoded SHA-256 hash of a webhook secret.
 func HashWebhookSecret(secret string) string {
 	sum := sha256.Sum256([]byte(secret))
+
 	return hex.EncodeToString(sum[:])
 }
 
@@ -181,6 +182,7 @@ func (d *Database) backfillWebhookSecretHashes(ctx context.Context) error {
 	if err != nil {
 		return fmt.Errorf("querying apps for backfill: %w", err)
 	}
+
 	defer func() { _ = rows.Close() }()
 
 	type row struct {
@@ -191,14 +193,17 @@ func (d *Database) backfillWebhookSecretHashes(ctx context.Context) error {
 
 	for rows.Next() {
 		var r row
-		if scanErr := rows.Scan(&r.id, &r.secret); scanErr != nil {
+
+		scanErr := rows.Scan(&r.id, &r.secret)
+		if scanErr != nil {
 			return fmt.Errorf("scanning app for backfill: %w", scanErr)
 		}
 
 		toUpdate = append(toUpdate, r)
 	}
 
-	if rowsErr := rows.Err(); rowsErr != nil {
+	rowsErr := rows.Err()
+	if rowsErr != nil {
 		return fmt.Errorf("iterating apps for backfill: %w", rowsErr)
 	}