release: v1.5.0 - Quality of Life Improvements

IndieAuth Authentication:
- Corrected W3C IndieAuth specification compliance
- Uses response_type=id for authentication-only flow per spec
- Discovers endpoints from user profile URL
- Removed hardcoded indielogin.com service
- DEPRECATED: INDIELOGIN_URL config (now auto-discovered)

Timestamp-Based Slugs (ADR-062):
- Default slugs now use YYYYMMDDHHMMSS format
- Unique collision handling with numeric suffix

Debug File Management:
- Controlled by DEBUG_SAVE_FAILED_UPLOADS config
- Auto-cleanup of files older than 7 days
- 100MB disk space protection
- Filename sanitization for security

Performance:
- N+1 query fix in feed generation
- Batch media loading for feed notes

Data Integrity:
- Atomic variant generation with temp files
- Database/filesystem consistency on failure

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

tests/test_auth.py

@@ -233,7 +233,8 @@ class TestInitiateLogin:
             assert "client_id=" in auth_url
             assert "redirect_uri=" in auth_url
             assert "state=" in auth_url
-            assert "response_type=code" in auth_url
+            # Per W3C IndieAuth: response_type=id for authentication-only (identity verification)
+            assert "response_type=id" in auth_url
 
             # State should be stored in database
             result = db.execute("SELECT COUNT(*) as count FROM auth_state").fetchone()