feat: add packaging, deployment, error pages, and project docs

Phase 7 — Polish:
- Error page template with styled 404/403/500 pages
- Error rendering helper on Renderer

Phase 8 — Packaging & Deployment:
- Containerfile: multi-stage build, non-root user, health check,
  OCI labels with build date and git revision
- Makefile: build, test, cross-compile, deb, rpm, container,
  tarballs, checksums targets
- nfpm.yaml: .deb and .rpm package config
- systemd service: hardened with NoNewPrivileges, ProtectSystem,
  ProtectHome, PrivateTmp, RestrictSUIDSGID
- Default environment file with commented examples
- postinstall/preremove scripts (shellcheck validated)
- compose.yaml: example Podman/Docker Compose
- Caddyfile.example: subdomain, subpath, and remote proxy configs
- CHANGELOG.md for release notes
- CLAUDE.md with architecture, conventions, and quick reference

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

dist/postinstall.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+# Post-install script for Favoritter .deb/.rpm package.
+# Creates the system user and sets directory permissions.
+set -e
+
+# Create system user if it doesn't exist.
+if ! getent passwd favoritter >/dev/null 2>&1; then
+    useradd -r -s /usr/sbin/nologin -d /var/lib/favoritter favoritter
+fi
+
+# Ensure data directories exist with correct ownership.
+install -d -o favoritter -g favoritter -m 0750 /var/lib/favoritter
+install -d -o favoritter -g favoritter -m 0750 /var/lib/favoritter/uploads
+
+# Reload systemd to pick up the service file.
+if command -v systemctl >/dev/null 2>&1; then
+    systemctl daemon-reload
+fi
+
+echo "Favoritter installed. Configure /etc/favoritter/favoritter.env then run:"
+echo "  sudo systemctl enable --now favoritter"