feat(release): align simplelogin-aio with sure-aio parity

[JSONbored]

Summary

• align simplelogin-aio with the current sure-aio CI/CD, release, and upstream-tracking model
• harden the runtime and expand the Unraid template to expose the audited upstream SimpleLogin config surface
• refresh repo docs and CA-facing metadata for release readiness

What changed

• ported the build, release, and upstream-check workflows to the sure-aio structure, including git-cliff release prep, template <Changes> sync, Docker Hub publish support, protected-branch-safe awesome-unraid sync, and upstream version+digest tracking
• added CI helper and validation scripts for release flags, template validation, and changelog-to-template updates
• hardened the Docker image and runtime scripts with verified s6 overlay downloads, package upgrades, persisted DKIM storage, /custom-assets support, improved env handling, safer workflow shell usage, and relay fixes including Mailgun coverage
• expanded simplelogin-aio.xml to expose the audited upstream env/config surface while keeping the beginner path small
• rebuilt the README and setup docs to match the fleet style and document AIO tradeoffs more honestly
• closed stale upstream bump PRs and deleted their obsolete remote branches

Why

• the repo had drifted from the current fleet baseline and was missing important release-process, template-surface, and runtime-hardening changes already present in sure-aio
• SimpleLogin’s wrapper needed stronger first-boot reliability and a more complete advanced configuration surface before pushing the template live

Validation

• python3 -m py_compile scripts/ci_flags.py scripts/test-ci-flags.py scripts/check-upstream.py scripts/validate-template.py scripts/update-template-changes.py scripts/release.py
• python3 scripts/test-ci-flags.py
• python3 scripts/validate-template.py
• shellcheck scripts/smoke-test.sh rootfs/etc/cont-init.d/*.sh rootfs/etc/services.d/*/run
• docker build --platform linux/amd64 -t simplelogin-aio:test .
• bash -x ./scripts/smoke-test.sh simplelogin-aio:test
• relay-mode validation for brevo, protonmail, gmail, mailgun, and custom
• trivy config --severity HIGH,CRITICAL .
• trivy fs --severity HIGH,CRITICAL --scanners vuln,secret,misconfig .
• trivy image --severity HIGH,CRITICAL simplelogin-aio:test
• local CodeRabbit review on the full diff

Notes

• the support-thread URL is still pending, so the template temporarily points Support at GitHub Issues
• remaining Trivy findings are inherited from the upstream simplelogin/app-ci Python environment rather than introduced by this wrapper layer
• current upstream packaging remains linux/amd64 only