refactor(infra): Restrukturierung Config-Ordner & Einführung von Docker-Profilen

Umfangreiches Refactoring der Projektkonfiguration zur klaren Trennung von Build-, Runtime- und Applikations-Logik.

Änderungen im Detail:
- Struktur: Neuorganisation des `config/` Verzeichnisses in logische Bereiche:
  - `config/docker`: Reine Infrastruktur-Configs (Postgres, Redis, Nginx, Monitoring).
  - `config/quality`: Statische Code-Analyse (Detekt, Lint).
  - `config/app`: Gemeinsame Spring-Boot-Konfigurationen.
- Docker Compose:
  - Einführung von Profilen (`infra`, `backend`, `ops`, `gui`, `tools`) für gezieltes Starten von Teilbereichen.
  - Anpassung aller Volume-Pfade auf die neue Struktur.
- Spring Boot Config:
  - Zentralisierung gemeinsamer Einstellungen (Datasource, Redis, JPA) in `config/app/base-application.yml`.
  - Parametrisierung der Hosts für nahtlosen Wechsel zwischen Docker und Localhost.
  - Bereinigung der service-spezifischen `application.yaml` Dateien (z.B. Ping-Service).
- Cleanup: Entfernen redundanter "Ghost-Files" (`versions.toml`, `central.toml`, `config/.env`), um eine echte Single Source of Truth (SSoT) zu gewährleisten.

config/docker/nginx/web-app/Dockerfile

@@ -0,0 +1,116 @@
+# syntax=docker/dockerfile:1.8
+# ===================================================================
+# Multi-Stage Dockerfile for Meldestelle Web-App (Kotlin/JS)
+# Version: 2.1.0 - Fix: Use Debian for Build (Glibc), Alpine for Run
+# ===================================================================
+
+# === GLOBAL ARGS ===
+ARG GRADLE_VERSION
+ARG JAVA_VERSION
+ARG NODE_VERSION
+ARG NGINX_IMAGE_TAG
+ARG WEB_BUILD_PROFILE
+ARG VERSION
+ARG BUILD_DATE
+
+# ===================================================================
+# Stage 1: Build Stage (Debian-based for Node.js compatibility)
+# ===================================================================
+# WICHTIG: Wir nutzen hier NICHT Alpine, damit die Node-Binaries funktionieren!
+FROM gradle:${GRADLE_VERSION}-jdk${JAVA_VERSION} AS builder
+
+ARG WEB_BUILD_PROFILE
+ARG VERSION
+ARG BUILD_DATE
+
+LABEL stage=builder
+WORKDIR /workspace
+
+# 1. Gradle Optimizations
+# Hinweis: Wir lassen Node/Yarn Download Flags weg, da Gradle auf Debian
+# die Standard-Binaries problemlos laden und ausführen kann.
+ENV GRADLE_OPTS="-Dorg.gradle.caching=true \
+                 -Dorg.gradle.daemon=false \
+                 -Dorg.gradle.parallel=true \
+                 -Dorg.gradle.workers.max=2 \
+                 -Dorg.gradle.jvmargs=-Xmx2g \
+                 -XX:+UseParallelGC \
+                 -XX:MaxMetaspaceSize=512m"
+ENV GRADLE_USER_HOME=/home/gradle/.gradle
+
+# 2. Copy Build Configs
+COPY gradlew gradlew.bat gradle.properties settings.gradle.kts ./
+COPY gradle/ gradle/
+COPY build.gradle.kts ./
+
+RUN chmod +x gradlew
+
+# 3. Copy Sources (Monorepo Structure)
+COPY platform/ platform/
+COPY core/ core/
+COPY backend/ backend/
+COPY frontend/ frontend/
+# FIX: Docs Ordner ist notwendig für die Gradle-Konfigurationsphase
+COPY docs/ docs/
+
+# 4. Resolve Dependencies
+# Wir lassen Gradle Node.js selbst herunterladen (funktioniert jetzt, da wir auf Debian sind)
+RUN --mount=type=cache,target=/home/gradle/.gradle/caches \
+    --mount=type=cache,target=/home/gradle/.gradle/wrapper \
+    ./gradlew :frontend:shells:meldestelle-portal:dependencies --no-daemon
+
+# 5. Build Web App
+RUN --mount=type=cache,target=/home/gradle/.gradle/caches \
+    --mount=type=cache,target=/home/gradle/.gradle/wrapper \
+    if [ "$WEB_BUILD_PROFILE" = "prod" ]; then \
+        echo "Building for PRODUCTION..."; \
+        ./gradlew :frontend:shells:meldestelle-portal:jsBrowserDistribution -Pproduction=true --no-daemon; \
+        mkdir -p /app/dist && \
+        cp -r frontend/shells/meldestelle-portal/build/dist/js/productionExecutable/* /app/dist/; \
+    else \
+        echo "Building for DEVELOPMENT..."; \
+        ./gradlew :frontend:shells:meldestelle-portal:jsBrowserDevelopmentExecutable --no-daemon; \
+        mkdir -p /app/dist && \
+        cp -r frontend/shells/meldestelle-portal/build/dist/js/developmentExecutable/* /app/dist/; \
+    fi
+
+# ===================================================================
+# Stage 2: Runtime Stage (Alpine Nginx)
+# ===================================================================
+FROM nginx:${NGINX_IMAGE_TAG}
+
+ARG VERSION
+ARG BUILD_DATE
+ARG JAVA_VERSION
+
+# Metadata
+LABEL service="web-app" \
+      version="${VERSION}" \
+      maintainer="Meldestelle Development Team" \
+      build.date="${BUILD_DATE}" \
+      org.opencontainers.image.title="Meldestelle Web-App"
+
+# Tools & User Setup
+RUN apk add --no-cache curl && \
+    rm /etc/nginx/conf.d/default.conf && \
+    mkdir -p /usr/share/nginx/html/downloads
+
+# Copy Artifacts
+COPY config/frontends/web-app/nginx.conf /etc/nginx/nginx.conf
+COPY --from=builder /app/dist/ /usr/share/nginx/html/
+COPY config/frontends/web-app/downloads/ /usr/share/nginx/html/downloads/
+
+# Permissions
+RUN chown -R nginx:nginx /usr/share/nginx/html && \
+    chmod -R 755 /usr/share/nginx/html && \
+    chown -R nginx:nginx /var/cache/nginx /var/log/nginx /etc/nginx/conf.d && \
+    touch /var/run/nginx.pid && \
+    chown -R nginx:nginx /var/run/nginx.pid
+
+USER nginx
+EXPOSE 4000
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD curl -f http://localhost:4000/health || exit 1
+
+CMD ["nginx", "-g", "daemon off;"]

config/docker/nginx/web-app/downloads/index.html

@@ -0,0 +1,30 @@
+<!doctype html>
+<html lang="de">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>Meldestelle – Desktop Downloads (Platzhalter)</title>
+    <style>
+      body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, Cantarell, 'Helvetica Neue', Arial, 'Noto Sans', 'Liberation Sans', sans-serif; margin: 2rem; }
+      h1 { margin-bottom: .25rem; }
+      .muted { color: #666; }
+      ul { line-height: 1.8; }
+      .card { border: 1px solid #e5e7eb; border-radius: 8px; padding: 1rem 1.25rem; max-width: 720px; }
+    </style>
+  </head>
+  <body>
+    <h1>Desktop Downloads</h1>
+    <p class="muted">Platzhalter-Verzeichnis. Hier können zukünftig Installer/Archive der Desktop-App bereitgestellt werden.</p>
+    <div class="card">
+      <p>Lege deine Dateien in dieses Verzeichnis im Repository:</p>
+      <pre><code>dockerfiles/clients/web-app/downloads/</code></pre>
+      <p>Oder mounte in Docker Compose ein Host-Verzeichnis auf <code>/usr/share/nginx/html/downloads</code>.</p>
+      <p>Beispiele (geplant):</p>
+      <ul>
+        <li>Meldestelle-Setup-1.0.0.msi (Windows)</li>
+        <li>Meldestelle-1.0.0.dmg (macOS)</li>
+        <li>Meldestelle-1.0.0.deb (Linux)</li>
+      </ul>
+    </div>
+  </body>
+  </html>

config/docker/nginx/web-app/nginx.conf

@@ -0,0 +1,101 @@
+# ===================================================================
+# Nginx-Konfiguration für Meldestelle Web-App
+# Static Files + API Proxy zu Gateway
+# ===================================================================
+
+# Worker-Prozesse (konfigurierbar über NGINX_WORKER_PROCESSES)
+worker_processes auto;
+
+events {
+    worker_connections 1024;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Logging
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    # Performance Optimizations
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+
+    # Gzip Kompression für bessere Performance
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_comp_level 6;
+    gzip_types
+        text/plain
+        text/css
+        text/xml
+        text/javascript
+        application/javascript
+        application/xml+rss
+        application/json
+        application/wasm;
+
+    # Upstream für API Gateway
+    upstream api-gateway {
+        server api-gateway:8081;
+    }
+
+    # Server-Block für Web-App
+    server {
+        listen 4000;
+        server_name localhost;
+        root /usr/share/nginx/html;
+        index index.html;
+
+        # Serve static files (Kotlin/JS compiled files)
+        location / {
+            try_files $uri $uri/ /index.html;
+
+            # Cache-Headers für statische Assets
+            location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+                expires 1y;
+                add_header Cache-Control "public, immutable";
+            }
+
+            # WASM Files mit korrektem MIME-Type
+            location ~* \.wasm$ {
+                add_header Content-Type application/wasm;
+                expires 1y;
+                add_header Cache-Control "public, immutable";
+            }
+        }
+
+        # Proxy API calls zu Gateway
+        location /api/ {
+            proxy_pass http://api-gateway;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # CORS Headers für API-Calls
+            add_header Access-Control-Allow-Origin *;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+            add_header Access-Control-Allow-Headers "Content-Type, Authorization";
+
+            # Handle preflight requests
+            if ($request_method = 'OPTIONS') {
+                return 204;
+            }
+        }
+
+        # Health-Check Endpoint
+        location /health {
+            access_log off;
+            return 200 "healthy\n";
+            add_header Content-Type text/plain;
+        }
+    }
+}