fix: Mobile hamburger menu and iPad sidebar visibility

Mobile fixes:
- Add click toggle handler for hamburger menu (was hover-only)
- Menu now opens/closes on tap and closes when clicking outside
- Keep hover support for desktop

iPad fixes:
- Sidebar content now visible on touch devices (901-1280px)
- Added (hover: hover) media query to prevent hide-on-hover on tablets

Security improvements:
- Replace exec.CommandContext with go-git library for git operations
- Add path traversal and command injection prevention
- Fix race condition in template hot reload
- Add environment-based cookie Secure flag

Code quality:
- Add constants.go for magic numbers
- Remove unused code (ParsePreferenceToggleRequest, DomainError)
- Add FOUC prevention with inline critical CSS
- Add Makefile dev/run/clean targets
- Fix README git clone URL
- Add doc/DECISIONS.md for architectural decisions

Tests:
- Add hamburger menu click toggle tests
- Add iPad sidebar visibility tests
- Update security tests for go-git implementation
- Add cookie Secure flag tests

internal/handlers/errors.go

@@ -210,68 +210,6 @@ func (e *DomainError) WithField(field string) *DomainError {
 	return e
 }
 
-// Common domain error constructors
-
-func InvalidLanguageError(lang string) *DomainError {
-	return NewDomainError(
-		ErrCodeInvalidLanguage,
-		fmt.Sprintf("Unsupported language: %s (use 'en' or 'es')", lang),
-		http.StatusBadRequest,
-	).WithField("lang")
-}
-
-func InvalidLengthError(length string) *DomainError {
-	return NewDomainError(
-		ErrCodeInvalidLength,
-		fmt.Sprintf("Unsupported length: %s (use 'short' or 'long')", length),
-		http.StatusBadRequest,
-	).WithField("length")
-}
-
-func InvalidIconsError(icons string) *DomainError {
-	return NewDomainError(
-		ErrCodeInvalidIcons,
-		fmt.Sprintf("Unsupported icons option: %s (use 'show' or 'hide')", icons),
-		http.StatusBadRequest,
-	).WithField("icons")
-}
-
-func InvalidThemeError(theme string) *DomainError {
-	return NewDomainError(
-		ErrCodeInvalidTheme,
-		fmt.Sprintf("Unsupported theme: %s (use 'default' or 'clean')", theme),
-		http.StatusBadRequest,
-	).WithField("theme")
-}
-
-func InvalidVersionError(version string) *DomainError {
-	return NewDomainError(
-		ErrCodeInvalidVersion,
-		fmt.Sprintf("Unsupported version: %s (use 'with_skills' or 'clean')", version),
-		http.StatusBadRequest,
-	).WithField("version")
-}
-
-func PDFGenerationError(err error) *DomainError {
-	return NewDomainError(
-		ErrCodePDFGeneration,
-		"Failed to generate PDF",
-		http.StatusInternalServerError,
-	).WithError(err)
-}
-
-func MethodNotAllowedError(method string) *DomainError {
-	return NewDomainError(
-		ErrCodeMethodNotAllowed,
-		fmt.Sprintf("Method %s not allowed", method),
-		http.StatusMethodNotAllowed,
-	)
-}
-
-func RateLimitError() *DomainError {
-	return NewDomainError(
-		ErrCodeRateLimitExceeded,
-		"Rate limit exceeded. Please try again later.",
-		http.StatusTooManyRequests,
-	)
-}
+// NOTE: Domain error constructors were removed as they were unused.
+// If needed in the future, they can be re-added following the DomainError pattern above.
+// See git history for the previous implementation.