feat: Enhance Dockerfile for Caddy with security patches and automate dependency management

- Added custom manager in renovate.json to track Go dependencies patched in Dockerfile for Caddy CVE fixes.
- Updated Dockerfile to pre-fetch and override vulnerable module versions for dependencies (expr, quic-go, smallstep/certificates) during the build process.
- Improved build resilience by implementing a fallback mechanism for Caddy versioning.
- Introduced tests for user SMTP audit, covering invite token security, input validation, authorization, and SMTP config security.
- Enhanced user invite functionality with duplicate email protection and case-insensitive checks.
- Updated go.work.sum to include new dependencies and ensure compatibility.

.github/renovate.json

@@ -16,7 +16,27 @@
   "vulnerabilityAlerts": { "enabled": true },
   "schedule": ["every weekday"],
   "rangeStrategy": "bump",
+  "customManagers": [
+    {
+      "customType": "regex",
+      "description": "Track Go dependencies patched in Dockerfile for Caddy CVE fixes",
+      "fileMatch": ["^Dockerfile$"],
+      "matchStrings": [
+        "#\\s*renovate:\\s*datasource=go\\s+depName=(?<depName>[^\\s]+)\\s*\\n\\s*go get (?<depName2>[^@]+)@v(?<currentValue>[^\\s|]+)"
+      ],
+      "datasourceTemplate": "go",
+      "versioningTemplate": "semver"
+    }
+  ],
   "packageRules": [
+    {
+      "description": "Caddy transitive dependency patches in Dockerfile",
+      "matchManagers": ["regex"],
+      "matchFileNames": ["Dockerfile"],
+      "matchPackagePatterns": ["expr-lang/expr", "quic-go/quic-go", "smallstep/certificates"],
+      "labels": ["dependencies", "caddy-patch", "security"],
+      "automerge": true
+    },
     {
       "description": "Automerge safe patch updates",
       "matchUpdateTypes": ["patch"],