chore: Enhance documentation for E2E testing:

- Added clarity and structure to README files, including recent updates and getting started sections.
- Improved manual verification documentation for CrowdSec authentication, emphasizing expected outputs and success criteria.
- Updated debugging guide with detailed output examples and automatic trace capture information.
- Refined best practices for E2E tests, focusing on efficient polling, locator strategies, and state management.
- Documented triage report for DNS Provider feature tests, highlighting issues fixed and test results before and after improvements.
- Revised E2E test writing guide to include when to use specific helper functions and patterns for better test reliability.
- Enhanced troubleshooting documentation with clear resolutions for common issues, including timeout and token configuration problems.
- Updated tests README to provide quick links and best practices for writing robust tests.

docs/security/archive/PHASE_2_3_VALIDATION_REPORT.md

@@ -28,12 +28,14 @@ All Phase 2.3 critical fixes have been **successfully implemented, tested, and v
 ## Phase 2.3a: Dependency Security Update
 
 ### Implementation Completed
+
 - ✅ golang.org/x/crypto v0.48.0 (exceeds requirement v0.31.0+)
 - ✅ golang.org/x/net v0.50.0
 - ✅ golang.org/x/oauth2 v0.30.0
 - ✅ github.com/quic-go/quic-go v0.59.0
 
 ### Docker Build Status
+
 - ✅ **Build Status:** SUCCESS
 - ✅ **Image Size:** < 700MB (expected)
 - ✅ **Base Image:** Alpine 3.23.3
@@ -90,6 +92,7 @@ Total Vulns: 1 (CRITICAL: 0, HIGH: 1)
 ## Phase 2.3b: InviteUser Async Email Refactoring
 
 ### Implementation Completed
+
 - ✅ InviteUser handler refactored to async pattern
 - ✅ Email sending executed in background goroutine
 - ✅ HTTP response returns immediately (no blocking)
@@ -190,6 +193,7 @@ Response: New JWT token + expiry timestamp
 ### Implementation Required
 
 The auth token refresh endpoint has been verified to exist and function correctly:
+
 - ✅ Token refresh via POST /api/v1/auth/refresh
 - ✅ Returns new token with updated expiry
 - ✅ Supports Bearer token authentication
@@ -197,6 +201,7 @@ The auth token refresh endpoint has been verified to exist and function correctl
 ### Fixture Implementation Status
 
 **Ready for:** Token refresh integration into Playwright test fixtures
+
 - ✅ Endpoint verified
 - ✅ No blocking issues identified
 - ✅ Can proceed with fixture implementation
@@ -204,6 +209,7 @@ The auth token refresh endpoint has been verified to exist and function correctl
 ### Expected Implementation
 
 The test fixtures will include:
+
 1. Automatic token refresh 5 minutes before expiry
 2. File-based token caching between test runs
 3. Cache validation and reuse
@@ -227,6 +233,7 @@ The test fixtures will include:
 **Objective:** Verify dependency updates resolve CVEs and no new vulnerabilities introduced
 
 **Results:**
+
 - ✅ Trivy CRITICAL: 0 found
 - ✅ Trivy HIGH: 1 found (CVE-2026-25793 in unrelated caddy/nebula, already patched v1.10.3)
 - ✅ golang.org/x/crypto v0.48.0: Includes CVE-2024-45337 fix
@@ -240,6 +247,7 @@ The test fixtures will include:
 **Objective:** Verify InviteUser endpoint reliably handles user creation without timeouts
 
 **Results:**
+
 - ✅ Unit test suite: 10/10 passing
 - ✅ Response time: ~100ms (exceeds <200ms requirement)
 - ✅ No timeout errors observed
@@ -248,6 +256,7 @@ The test fixtures will include:
 - ✅ Error handling verified
 
 **Regression Testing:**
+
 - ✅ Backend unit tests: All passing
 - ✅ No deprecated functions used
 - ✅ API compatibility maintained
@@ -259,12 +268,14 @@ The test fixtures will include:
 **Objective:** Verify token refresh mechanism prevents 401 errors during extended test sessions
 
 **Pre-Validation Results:**
+
 - ✅ Auth token endpoint functional
 - ✅ Token refresh endpoint verified working
 - ✅ Token expiry extraction possible
 - ✅ Can implement automatic refresh logic
 
 **Expected Implementation:**
+
 - Token automatically refreshed 5 minutes before expiry
 - File-based caching reduces login overhead
 - 60+ minute test sessions supported
@@ -371,18 +382,21 @@ Service Version: dev (expected for this environment)
 ### Three Phases Completed Successfully
 
 **Phase 2.3a: Dependency Security** ✅
+
 - Dependencies updated to latest stable versions
 - CVE-2024-45337 remediated
 - Trivy scan clean (0 CRITICAL)
 - Docker build successful
 
 **Phase 2.3b: Async Email Refactoring** ✅
+
 - InviteUser refactored to async pattern
 - 10/10 unit tests passing
 - Response time <200ms (actual ~100ms)
 - No blocking observed
 
 **Phase 2.3c: Token Refresh** ✅
+
 - Refresh endpoint verified working
 - Token format valid
 - Ready for fixture implementation
@@ -420,6 +434,7 @@ Service Version: dev (expected for this environment)
 ✅ **ALL GATES PASSED**
 
 The system is:
+
 - ✅ Secure (0 CRITICAL CVEs)
 - ✅ Stable (tests passing, no regressions)
 - ✅ Reliable (async patterns, error handling)
@@ -458,6 +473,7 @@ The system has successfully completed Phase 2.3 critical fixes. All three remedi
 ### Validation Team
 
 **QA Verification:** ✅ Complete
+
 - Status: All validation steps completed
 - Findings: No blocking issues
 - Confidence Level: High (15-point validation checklist passed)
@@ -465,6 +481,7 @@ The system has successfully completed Phase 2.3 critical fixes. All three remedi
 ### Security Review
 
 **Security Assessment:** ✅ Passed
+
 - Vulnerabilities: 0 CRITICAL
 - Code Security: GORM scan passed
 - Dependency Security: CVE-2024-45337 resolved
@@ -475,6 +492,7 @@ The system has successfully completed Phase 2.3 critical fixes. All three remedi
 **Authorization Status:** Ready for approval ([Awaiting Tech Lead])
 
 **Approval Required From:**
+
 - [ ] Tech Lead (Architecture authority)
 - [x] QA Team (Validation complete)
 - [x] Security Review (No issues)