feat(PROJ-27): Docker-Support + install.sh v2.0 (native + Docker-Modus)

Adds multi-stage Dockerfiles (Go+Xapian CGO, Next.js standalone),
docker-compose.yml, webhook-basierter Deploy-Flow und erweitertes
install.sh mit interaktiver Modus-Auswahl.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

scripts/deploy.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# deploy.sh — Wird vom Webhook-Dienst bei GitHub-Push auf main aufgerufen.
+# Läuft auf dem HOST (nicht im Container).
+
+set -euo pipefail
+
+INSTALL_DIR="${INSTALL_DIR:-/opt/archivmail}"
+LOG_FILE="/var/log/archivmail/deploy.log"
+
+log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG_FILE"; }
+
+log "=== Deploy gestartet (von GitHub Webhook) ==="
+
+cd "$INSTALL_DIR"
+
+# 1. Aktuellen Stand holen
+log "git pull origin main..."
+git pull origin main
+
+# 2. Neue Images bauen
+log "docker compose build..."
+docker compose build --no-cache
+
+# 3. Stack neustarten (zero-downtime: postgres bleibt laufen)
+log "docker compose up -d..."
+docker compose up -d --remove-orphans
+
+# 4. Alte ungenutzte Images aufräumen
+docker image prune -f
+
+log "=== Deploy abgeschlossen ==="

scripts/webhook-hooks.json

@@ -0,0 +1,32 @@
+[
+  {
+    "id": "deploy",
+    "execute-command": "/opt/archivmail/scripts/deploy.sh",
+    "command-working-directory": "/opt/archivmail",
+    "response-message": "Deploy gestartet.",
+    "trigger-rule": {
+      "and": [
+        {
+          "match": {
+            "type": "payload-hmac-sha256",
+            "secret": "{{ getenv \"WEBHOOK_SECRET\" }}",
+            "parameter": {
+              "source": "header",
+              "name": "X-Hub-Signature-256"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "value",
+            "value": "refs/heads/main",
+            "parameter": {
+              "source": "payload",
+              "name": "ref"
+            }
+          }
+        }
+      ]
+    }
+  }
+]