fix: add native Caddy middleware plugin #1619

Closed
mitchellecm7 wants to merge 1 commit into TecharoHQ:main from mitchellecm7:caddy-plugin-v2

@mitchellecm7

Closes #16

Adds a native Caddy HTTP middleware module at plugins/caddy/ so Anubis can be compiled directly into Caddy via xcaddy with no separate process or forward-auth round-trip.

Usage
xcaddy build --with github.com/TecharoHQ/anubis/plugins/caddy

Changes since the original PR #1577:

  • Fixed directive ordering: After "templates" instead of Before "reverse_proxy" (thanks @crishoj)
  • Replaced fmt.Sscanf with strconv.Atoi for difficulty parsing
  • Properly use Caddy's logger instead of discarding it
  • Added tests for parseSameSite, keyFromHex, and contextualNext

Design notes:

  • contextualNext pattern bridges Caddy's per-request next handler with Anubis's construction-time Next option — goroutine-safe, zero allocations
  • use_remote_addr opt-in for bare-metal deployments
  • All built-in store backends registered (memory/bbolt/valkey/s3)

- Fix directive ordering: After templates instead of Before reverse_proxy
- Replace fmt.Sscanf with strconv.Atoi for difficulty parsing
- Use Caddy logger instead of discarding it
- Add tests for parseSameSite, keyFromHex, and contextualNext

Signed-off-by: mitchellecm7 <149884682+mitchellecm7@users.noreply.github.com>
@crishoj

crishoj commented May 10, 2026

I'm sorry, but this is still far from ready for a PR.

  • There is logger := ctx.Logger(); logger.Info("anubis caddy middleware provisioned") but then… that's it. Emits one info line, and doesn't pass the logger into libanubis, so Anubis logs are still bypassing Caddy's pipeline.
  • Validate is tautological. if m.server == nil { error } checks state set by Provision, not user input. Bad hex, missing policy file, out-of-range difficulty all surface as 500s on the first request.
  • No Cleanup. Stores leak on Caddy reload.
  • No replacer support. policy_file, ed25519_private_key_hex, etc. don't expand {env.X} or {file./path}.
  • Very limited test coverage.
  • The README's "Multi-site setup" section is incorrect. Per "lib: anubis.BasePrefix and anubis.PublicUrl are package globals; multi-instance use silently corrupts cookies" (#1588), anubis.BasePrefix and anubis.PublicUrl are package-level globals — two anubis blocks with different prefixes will silently corrupt each other's cookies.
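
The review point about Validate checking provisioned state rather than user input, as an added example that is not part of the PR or of any comment in this thread: a config-time check that rejects bad hex, a missing policy file, and an out-of-range difficulty before the first request. The `Config` struct, `validateConfig`, the 32-byte seed requirement, and the difficulty bounds are assumptions for illustration, not Anubis's or the plugin's actual code.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strconv"
)

// Config mirrors the directive names from the thread; the struct is hypothetical.
type Config struct {
	PolicyFile           string // policy_file
	Ed25519PrivateKeyHex string // ed25519_private_key_hex
	Difficulty           string // raw token as written in the config file
}

// Assumed bounds for illustration only; not Anubis's actual limits.
const minDifficulty, maxDifficulty = 1, 64

// validateConfig inspects user input only, so every problem is reported at
// config load instead of surfacing as a 500 on the first request.
func validateConfig(c Config) error {
	var errs []error
	if c.PolicyFile != "" {
		if _, err := os.Stat(c.PolicyFile); err != nil {
			errs = append(errs, fmt.Errorf("policy_file: %w", err))
		}
	}
	if c.Ed25519PrivateKeyHex != "" {
		seed, err := hex.DecodeString(c.Ed25519PrivateKeyHex)
		if err != nil {
			errs = append(errs, fmt.Errorf("ed25519_private_key_hex: %w", err))
		} else if len(seed) != ed25519.SeedSize { // assumes the key is a 32-byte seed
			errs = append(errs, fmt.Errorf("ed25519_private_key_hex: got %d bytes, want %d", len(seed), ed25519.SeedSize))
		}
	}
	d, err := strconv.Atoi(c.Difficulty)
	if err != nil {
		errs = append(errs, fmt.Errorf("difficulty: %w", err))
	} else if d < minDifficulty || d > maxDifficulty {
		errs = append(errs, fmt.Errorf("difficulty: %d outside [%d, %d]", d, minDifficulty, maxDifficulty))
	}
	return errors.Join(errs...) // nil when nothing was collected
}

func main() {
	// Constructed sample input: three independent mistakes, all reported together.
	bad := Config{PolicyFile: "/nonexistent/policy.yaml", Ed25519PrivateKeyHex: "zz", Difficulty: "400"}
	fmt.Println(validateConfig(bad))
}
```

In a Caddy module, a function like this would be called from the `Validate() error` method of the `caddy.Validator` interface, after any placeholder expansion has been applied to the raw values.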

@Xe
Contributor

Xe commented May 10, 2026

There is already a PR for this. Closing duplicate.

@Xe closed this May 10, 2026

Development

Successfully merging this pull request may close these issues.

A module for Caddy