feat: Implement Phase 4 Web Interface with bugfixes (v0.5.2)

## Phase 4: Web Interface Implementation

Implemented complete web interface with public and admin routes,
templates, CSS, and development authentication.

### Core Features

**Public Routes**:
- Homepage with recent published notes
- Note permalinks with microformats2
- Server-side rendering (Jinja2)

**Admin Routes**:
- Login via IndieLogin
- Dashboard with note management
- Create, edit, delete notes
- Protected with @require_auth decorator

**Development Authentication**:
- Dev login bypass for local testing (DEV_MODE only)
- Security safeguards per ADR-011
- Returns 404 when disabled

**Templates & Frontend**:
- Base layouts (public + admin)
- 8 HTML templates with microformats2
- Custom responsive CSS (114 lines)
- Error pages (404, 500)

### Bugfixes (v0.5.1 → v0.5.2)

1. **Cookie collision fix (v0.5.1)**:
   - Renamed auth cookie from "session" to "starpunk_session"
   - Fixed redirect loop between dev login and admin dashboard
   - Flask's session cookie no longer conflicts with auth

2. **HTTP 404 error handling (v0.5.1)**:
   - Update route now returns 404 for nonexistent notes
   - Delete route now returns 404 for nonexistent notes
   - Follows ADR-012 HTTP Error Handling Policy
   - Pattern consistency across all admin routes

3. **Note model enhancement (v0.5.2)**:
   - Exposed deleted_at field from database schema
   - Enables soft deletion verification in tests
   - Follows ADR-013 transparency principle

### Architecture

**New ADRs**:
- ADR-011: Development Authentication Mechanism
- ADR-012: HTTP Error Handling Policy
- ADR-013: Expose deleted_at Field in Note Model

**Standards Compliance**:
- Uses uv for Python environment
- Black formatted, Flake8 clean
- Follows git branching strategy
- Version incremented per versioning strategy

### Test Results

- 405/406 tests passing (99.75%)
- 87% code coverage
- All security tests passing
- Manual testing confirmed working

### Documentation

- Complete implementation reports in docs/reports/
- Architecture reviews in docs/reviews/
- Design documents in docs/design/
- CHANGELOG updated for v0.5.2

### Files Changed

**New Modules**:
- starpunk/dev_auth.py
- starpunk/routes/ (public, admin, auth, dev_auth)

**Templates**: 10 files (base, pages, admin, errors)
**Static**: CSS and optional JavaScript
**Tests**: 4 test files for routes and templates
**Docs**: 20+ architectural and implementation documents

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

templates/admin/login.html

@@ -0,0 +1,48 @@
+{% extends "base.html" %}
+
+{% block title %}Login - StarPunk Admin{% endblock %}
+
+{% block content %}
+<div class="login-container">
+  <h2>Admin Login</h2>
+  <p>Sign in with your personal website using IndieLogin</p>
+
+  <form action="{{ url_for('auth.login_initiate') }}" method="POST" class="login-form">
+    <div class="form-group">
+      <label for="me">Your Website URL</label>
+      <input
+        type="url"
+        id="me"
+        name="me"
+        placeholder="https://example.com"
+        required
+        autofocus
+      >
+      <small>Enter your website URL (must match admin configuration)</small>
+    </div>
+
+    <button type="submit" class="button button-primary">Sign in with IndieLogin</button>
+  </form>
+
+  {% if config.DEV_MODE %}
+  <div class="dev-login-option">
+    <hr>
+    <p class="dev-warning">Development mode active</p>
+    <a href="{{ url_for('dev_auth.dev_login') }}" class="button button-warning">
+      Quick Dev Login (No Auth)
+    </a>
+  </div>
+  {% endif %}
+
+  <div class="login-help">
+    <h3>What is IndieLogin?</h3>
+    <p>
+      IndieLogin allows you to sign in using your own website.
+      No password required - just authenticate with your domain.
+    </p>
+    <a href="https://indielogin.com/api" target="_blank" rel="noopener">
+      Learn more about IndieLogin
+    </a>
+  </div>
+</div>
+{% endblock %}