feat: Add secure contact form with comprehensive security features

- Add contact form dialog with HTMX integration (hx-post)
- Implement browser-only access middleware (blocks curl/Postman/wget)
- Add rate limiting (5 requests/hour per IP) for contact endpoint
- Implement honeypot and timing-based bot detection
- Add input validation (email format, message length 10-5000 chars)
- Create contact button in desktop and mobile navigation (last position)

Security features:
- Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers
- Honeypot field returns fake success to fool bots while logging spam
- Timing validation rejects forms submitted < 2 seconds
- All security events logged for monitoring

Documentation:
- docs/SECURITY.md - Comprehensive security documentation
- docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers
- docs/SECURITY-AUDIT-REPORT.md - Full security audit report
- docs/CONTACT-FORM-QUICKSTART.md - Integration guide

Form fields: email (required), name, company, subject, message (required)

internal/handlers/cv_text.go

@@ -66,6 +66,12 @@ func (h *CVHandler) PlainText(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Check icons parameter (default: true)
+	showIcons := true
+	if r.URL.Query().Get("icons") == "false" {
+		showIcons = false
+	}
+
 	// Prepare template data using shared helper (loads CV data)
 	data, err := h.prepareTemplateData(langCode)
 	if err != nil {
@@ -74,8 +80,9 @@ func (h *CVHandler) PlainText(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Add base URL for footer
+	// Add base URL and icons setting
 	data["BaseURL"] = h.serverAddr
+	data["Icons"] = showIcons
 
 	// Load and parse the plain text template
 	tmplPath := filepath.Join("templates", "cv-text.txt")