feat: Add HTTPS support with mkcert and automatic SSL configuration

Add comprehensive HTTPS support with two deployment options:
- mkcert for local development with trusted certificates
- Automatic SSL with Let's Encrypt for production

HTTPS Implementation:
- Add docker-compose.https-mkcert.yml for local HTTPS development
- Add docker-compose.https-auto.yml for automatic SSL certificates
- Create Dockerfile.mkcert for certificate generation
- Add setup scripts (setup-https-mkcert.sh/bat)
- Add startup scripts (start-https.sh/bat)
- Add certificate generation script (generate-mkcert-certs.sh)

CSRF and IP Access Fixes:
- Fix CSRF token validation for IP-based access
- Add CSRF troubleshooting documentation
- Update configuration to handle various access patterns

Documentation:
- Add HTTPS_MKCERT_GUIDE.md with setup instructions
- Add README_HTTPS.md with general HTTPS documentation
- Add README_HTTPS_AUTO.md for automatic SSL setup
- Add AUTOMATIC_HTTPS_SUMMARY.md
- Add CSRF_IP_ACCESS_FIX.md and CSRF_IP_FIX_SUMMARY.md
- Add docs/CSRF_IP_ACCESS_GUIDE.md
- Update main README.md with HTTPS information

Configuration:
- Update .gitignore for SSL certificates and nginx configs
- Update env.example with new HTTPS-related variables
- Update docker-compose.yml with SSL configuration options

This enables secure HTTPS access in both development and production
environments while maintaining compatibility with existing deployments.

scripts/generate-certs.sh

@@ -0,0 +1,105 @@
+#!/bin/sh
+# Auto-generate SSL certificates for HTTPS
+# This script runs in an init container at startup
+
+set -e
+
+CERT_DIR="/certs"
+CERT_FILE="$CERT_DIR/cert.pem"
+KEY_FILE="$CERT_DIR/key.pem"
+
+echo "=========================================="
+echo "SSL Certificate Generator"
+echo "=========================================="
+echo ""
+
+# Create cert directory if it doesn't exist
+mkdir -p "$CERT_DIR"
+
+# Check if certificates already exist
+if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then
+    echo "✅ Certificates already exist, skipping generation"
+    
+    # Check if they're about to expire (less than 30 days)
+    if command -v openssl >/dev/null 2>&1; then
+        EXPIRY=$(openssl x509 -enddate -noout -in "$CERT_FILE" 2>/dev/null | cut -d= -f2)
+        if [ -n "$EXPIRY" ]; then
+            echo "📅 Certificate expires: $EXPIRY"
+        fi
+    fi
+    exit 0
+fi
+
+echo "🔧 Generating new SSL certificates..."
+echo ""
+
+# Install openssl if not present
+if ! command -v openssl >/dev/null 2>&1; then
+    echo "Installing OpenSSL..."
+    apk add --no-cache openssl
+fi
+
+# Detect IP address (try to get container host IP)
+HOST_IP=${HOST_IP:-"192.168.1.100"}
+echo "Using IP address: $HOST_IP"
+
+# Create OpenSSL config for SAN (Subject Alternative Names)
+cat > /tmp/openssl.cnf << EOF
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+x509_extensions = v3_req
+distinguished_name = dn
+
+[dn]
+C = US
+ST = State
+L = City
+O = TimeTracker
+OU = Development
+CN = localhost
+
+[v3_req]
+subjectAltName = @alt_names
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = *.local
+DNS.3 = timetracker.local
+IP.1 = 127.0.0.1
+IP.2 = ::1
+IP.3 = ${HOST_IP}
+EOF
+
+# Generate self-signed certificate valid for 10 years
+echo "Generating certificate..."
+openssl req -x509 \
+    -newkey rsa:2048 \
+    -nodes \
+    -keyout "$KEY_FILE" \
+    -out "$CERT_FILE" \
+    -days 3650 \
+    -config /tmp/openssl.cnf
+
+# Set proper permissions
+chmod 644 "$CERT_FILE"
+chmod 600 "$KEY_FILE"
+
+echo ""
+echo "✅ Certificates generated successfully!"
+echo ""
+echo "Certificate details:"
+openssl x509 -in "$CERT_FILE" -noout -subject -dates 2>/dev/null || true
+echo ""
+echo "📝 Note: These are self-signed certificates."
+echo "   Browsers will show a warning on first access."
+echo "   Click 'Advanced' → 'Proceed' to accept."
+echo ""
+echo "For trusted certificates (no warnings), use mkcert:"
+echo "   bash setup-https-mkcert.sh"
+echo ""
+echo "=========================================="
+