v0.7.0: Phase 1 — Authentication, Persistence & Settings Page

- New settings.json persistence layer (internal/settings/settings.go)
  - Atomic write (tmp + rename), thread-safe with sync.RWMutex
  - Stores password hash overrides and DB validation cache
  - Auto-creates on first save, graceful handling if missing

- Auth improvements
  - Password resolution priority: settings.json > controller.yaml > none
  - Session duration extended to 7 days (was 24h)
  - ?next= redirect after session expiry (returns to original page)
  - Flash messages on login page (used after password change)
  - Conditional logout link (hidden when auth disabled)
  - Session invalidation on password change

- New Settings page (/settings)
  - Read-only system config display (customer, domain, git, backup, monitoring)
  - Password change form with validation (min 8 chars, match check)
  - Sidebar "Beállítások" item pinned to bottom above version

- DB validation persistence
  - Validation results saved to settings.json after each dump
  - Cached data survives container restarts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

controller/internal/web/templates/style.css

@@ -1611,6 +1611,82 @@ a.stat-card:hover {
     font-family: 'JetBrains Mono', monospace;
 }
 
+/* --- Settings page --- */
+.settings-card {
+    background: var(--bg-card);
+    border-radius: var(--radius);
+    padding: 1.5rem;
+    border: 1px solid var(--border-color);
+    margin-bottom: 1.5rem;
+}
+.settings-card h3 {
+    margin-bottom: .5rem;
+}
+.settings-card-desc {
+    color: var(--text-secondary);
+    font-size: .85rem;
+    margin-bottom: 1rem;
+}
+.settings-grid {
+    display: flex;
+    flex-direction: column;
+}
+.settings-row {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: .5rem .75rem;
+    border-bottom: 1px solid rgba(48, 54, 61, 0.3);
+    font-size: .9rem;
+    gap: 1rem;
+}
+.settings-row:last-child { border-bottom: none; }
+.settings-label {
+    color: var(--text-secondary);
+    font-weight: 500;
+    white-space: nowrap;
+    flex-shrink: 0;
+}
+.settings-value {
+    color: var(--text-primary);
+    text-align: right;
+    word-break: break-word;
+}
+.settings-value.mono {
+    font-family: 'JetBrains Mono', monospace;
+    font-size: .85rem;
+}
+.settings-value-truncate {
+    max-width: 400px;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+/* Sidebar bottom section */
+.sidebar-bottom {
+    margin-top: auto;
+    border-top: 1px solid var(--border-color);
+}
+.sidebar-settings-link {
+    display: block;
+    padding: .75rem 1.5rem;
+    color: var(--text-secondary);
+    text-decoration: none;
+    font-size: .95rem;
+    font-weight: 500;
+    transition: color 0.2s ease, background 0.2s ease;
+}
+.sidebar-settings-link:hover {
+    color: var(--accent-light);
+    background: rgba(0, 136, 204, 0.08);
+}
+.sidebar-settings-link.active {
+    color: var(--accent-light);
+    background: rgba(0, 136, 204, 0.12);
+    border-left: 3px solid var(--accent-blue);
+}
+
 /* Responsive */
 @media(max-width: 768px) {
     .sidebar { width: 100%; height: auto; position: relative; border-right: none; border-bottom: 1px solid var(--border-color); }