feat: registry-driven DNS provider type discovery

Phase 1 of Custom DNS Provider Plugin Support: the /api/v1/dns-providers/types
endpoint now returns types dynamically from the dnsprovider.Global() registry
instead of a hardcoded list.

Backend handler queries registry for all provider types, metadata, and fields
Response includes is_built_in flag to distinguish plugins from built-ins
Frontend types updated with DNSProviderField interface and new response shape
Fixed flaky WAF exclusion test (isolated file-based SQLite DB)
Updated operator docs for registry-driven discovery and plugin installation
Refs: #461

docs/features/custom-plugins.md

@@ -151,6 +151,47 @@ When running Charon in Docker:
 
 Once a plugin is installed and loaded, it appears in the DNS provider list alongside built-in providers.
 
+### Discovering Loaded Plugins via API
+
+Query available provider types to see all registered providers (built-in and plugins):
+
+```bash
+curl https://charon.example.com/api/v1/dns-providers/types \
+  -H "Authorization: Bearer YOUR-TOKEN"
+```
+
+**Response:**
+
+```json
+{
+  "types": [
+    {
+      "type": "cloudflare",
+      "name": "Cloudflare",
+      "description": "Cloudflare DNS provider",
+      "documentation_url": "https://developers.cloudflare.com/api/",
+      "is_built_in": true,
+      "fields": [...]
+    },
+    {
+      "type": "powerdns",
+      "name": "PowerDNS",
+      "description": "PowerDNS Authoritative Server with HTTP API",
+      "documentation_url": "https://doc.powerdns.com/authoritative/http-api/",
+      "is_built_in": false,
+      "fields": [...]
+    }
+  ]
+}
+```
+
+**Key fields:**
+
+| Field | Description |
+|-------|-------------|
+| `is_built_in` | `true` = compiled into Charon, `false` = external plugin |
+| `fields` | Credential field specifications for the UI form |
+
 ### Via Web UI
 
 1. Navigate to **Settings** → **DNS Providers**
@@ -224,6 +265,19 @@ The plugin automatically configures Caddy's DNS challenge for Let's Encrypt:
 
 ### Listing Loaded Plugins
 
+**Via Types Endpoint (Recommended):**
+
+Filter for plugins using `is_built_in: false`:
+
+```bash
+curl https://charon.example.com/api/v1/dns-providers/types \
+  -H "Authorization: Bearer YOUR-TOKEN" | jq '.types[] | select(.is_built_in == false)'
+```
+
+**Via Plugins Endpoint:**
+
+Get detailed plugin metadata including version and author:
+
 ```bash
 curl https://charon.example.com/api/admin/plugins \
   -H "Authorization: Bearer YOUR-TOKEN"

docs/guides/dns-providers.md

@@ -12,7 +12,13 @@ DNS providers enable Charon to obtain SSL/TLS certificates for wildcard domains
 
 ## Supported DNS Providers
 
-Charon supports the following DNS providers through Caddy's libdns modules:
+Charon dynamically discovers available DNS provider types from an internal registry. This registry includes:
+
+- **Built-in providers** — Compiled into Charon (Cloudflare, Route 53, etc.)
+- **Custom providers** — Special-purpose providers like `manual` for unsupported DNS services
+- **External plugins** — Third-party `.so` plugin files loaded at runtime
+
+### Built-in Providers
 
 | Provider | Type | Setup Guide |
 |----------|------|-------------|
@@ -27,6 +33,84 @@ Charon supports the following DNS providers through Caddy's libdns modules:
 | Vultr | `vultr` | [Documentation](https://caddyserver.com/docs/modules/dns.providers.vultr) |
 | DNSimple | `dnsimple` | [Documentation](https://caddyserver.com/docs/modules/dns.providers.dnsimple) |
 
+### Custom Providers
+
+| Provider | Type | Description |
+|----------|------|-------------|
+| Manual DNS | `manual` | For DNS providers without API support. Displays TXT record for manual creation. |
+
+### Discovering Available Provider Types
+
+Query available provider types programmatically via the API:
+
+```bash
+curl https://your-charon-instance/api/v1/dns-providers/types \
+  -H "Authorization: Bearer YOUR_TOKEN"
+```
+
+**Example Response:**
+
+```json
+{
+  "types": [
+    {
+      "type": "cloudflare",
+      "name": "Cloudflare",
+      "description": "Cloudflare DNS provider",
+      "documentation_url": "https://developers.cloudflare.com/api/",
+      "is_built_in": true,
+      "fields": [...]
+    },
+    {
+      "type": "manual",
+      "name": "Manual DNS",
+      "description": "Manually create DNS TXT records",
+      "documentation_url": "",
+      "is_built_in": false,
+      "fields": []
+    }
+  ]
+}
+```
+
+**Response fields:**
+
+| Field | Description |
+|-------|-------------|
+| `type` | Unique identifier used in API requests |
+| `name` | Human-readable display name |
+| `description` | Brief description of the provider |
+| `documentation_url` | Link to provider's API documentation |
+| `is_built_in` | `true` for compiled providers, `false` for plugins/custom |
+| `fields` | Required credential fields and their specifications |
+
+> **Tip:** Use `is_built_in` to distinguish official providers from external plugins in your automation workflows.
+
+## Adding External Plugins
+
+Extend Charon with third-party DNS provider plugins by placing `.so` files in the plugin directory.
+
+### Installation
+
+1. Set the plugin directory environment variable:
+
+   ```bash
+   export CHARON_PLUGINS_DIR=/etc/charon/plugins
+   ```
+
+2. Copy plugin files:
+
+   ```bash
+   cp powerdns.so /etc/charon/plugins/
+   chmod 755 /etc/charon/plugins/powerdns.so
+   ```
+
+3. Restart Charon — plugins load automatically at startup.
+
+4. Verify the plugin appears in `GET /api/v1/dns-providers/types` with `is_built_in: false`.
+
+For detailed plugin installation and security guidance, see [Custom Plugins](../features/custom-plugins.md).
+
 ## General Setup Workflow
 
 ### 1. Prerequisites