refactor: use pinned golangci-lint Docker image for linting (#55)

Closes [issue #50](#50)

## Summary

Refactors the Dockerfile to use a separate lint stage with a pinned golangci-lint Docker image, following the pattern used by [sneak/pixa](https://git.eeqj.de/sneak/pixa). This replaces the previous approach of installing golangci-lint via curl in the builder stage.

## Changes

### Dockerfile
- **New `lint` stage** using `golangci/golangci-lint:v2.11.3` (Debian-based, pinned by sha256 digest) as a separate build stage
- **Builder stage** depends on lint via `COPY --from=lint /src/go.sum /dev/null` — build won't proceed unless linting passes
- **Go bumped** from 1.24 to 1.26.1 (`golang:1.26.1-bookworm`, pinned by sha256)
- **golangci-lint bumped** from v1.64.8 to v2.11.3
- All three Docker images (golangci-lint, golang, alpine) pinned by sha256 digest
- Debian-based golangci-lint image used (not Alpine) because mattn/go-sqlite3 CGO does not compile on musl (off64_t)

### Linter Config (.golangci.yml)
- Migrated from v1 to v2 format (`version: "2"` added)
- Removed linters no longer available in v2: `gofmt` (handled by `make fmt-check`), `gosimple` (merged into `staticcheck`), `typecheck` (always-on in v2)
- Same set of linters enabled — no rules weakened

### Code Fixes (all lint issues from v2 upgrade)
- Added package comments to all packages
- Added doc comments to all exported types, functions, and methods
- Fixed unchecked errors flagged by `errcheck` (sqlDB.Close, os.Setenv in tests, resp.Body.Close, fmt.Fprint)
- Fixed unused parameters flagged by `revive` (renamed to `_`)
- Fixed `gosec` G120 warnings: added `http.MaxBytesReader` before `r.ParseForm()` calls
- Fixed `staticcheck` QF1012: replaced `WriteString(fmt.Sprintf(...))` with `fmt.Fprintf`
- Fixed `staticcheck` QF1003: converted if/else chain to tagged switch
- Renamed `DeliveryTask` → `Task` to avoid package stutter (`delivery.Task` instead of `delivery.DeliveryTask`)
- Renamed shadowed builtin `max` parameter to `upperBound` in `cryptoRandInt`
- Used `t.Setenv` instead of `os.Setenv` in tests (auto-restores)

### README.md
- Updated version requirements: Go 1.26+, golangci-lint v2.11+
- Updated Dockerfile description in project structure

## Verification

`docker build .` passes cleanly — formatting check, linting, all tests, and build all succeed.

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #55
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

internal/handlers/profile.go

@@ -13,6 +13,7 @@ func (h *Handlers) HandleProfile() http.HandlerFunc {
 		requestedUsername := chi.URLParam(r, "username")
 		if requestedUsername == "" {
 			http.NotFound(w, r)
+
 			return
 		}
 
@@ -21,6 +22,7 @@ func (h *Handlers) HandleProfile() http.HandlerFunc {
 		if err != nil || !h.session.IsAuthenticated(sess) {
 			// Redirect to login if not authenticated
 			http.Redirect(w, r, "/pages/login", http.StatusSeeOther)
+
 			return
 		}
 
@@ -29,6 +31,7 @@ func (h *Handlers) HandleProfile() http.HandlerFunc {
 		if !ok {
 			h.log.Error("authenticated session missing username")
 			http.Error(w, "Internal server error", http.StatusInternalServerError)
+
 			return
 		}
 
@@ -36,17 +39,19 @@ func (h *Handlers) HandleProfile() http.HandlerFunc {
 		if !ok {
 			h.log.Error("authenticated session missing user ID")
 			http.Error(w, "Internal server error", http.StatusInternalServerError)
+
 			return
 		}
 
 		// For now, only allow users to view their own profile
 		if requestedUsername != sessionUsername {
 			http.Error(w, "Forbidden", http.StatusForbidden)
+
 			return
 		}
 
 		// Prepare data for template
-		data := map[string]interface{}{
+		data := map[string]any{
 			"User": &UserInfo{
 				ID:       sessionUserID,
 				Username: sessionUsername,