feat: M10 — agent metadata collection, Apache httpd + HAProxy target connectors

Agents now report OS, architecture, IP address, hostname, and version
via heartbeat using runtime.GOOS, runtime.GOARCH, and net.Dial. New
migration adds columns to agents table. Heartbeat handler, service,
and repository updated to accept and persist metadata. GUI shows
OS/Arch in agent list and full system info in agent detail page.

Apache httpd connector: separate cert/chain/key files, apachectl
configtest validation, graceful reload. HAProxy connector: combined
PEM file (cert+chain+key), optional config validation, reload.
Both wired into agent binary's target connector switch.

14 tests for new connectors. All existing tests updated for new
Heartbeat/UpdateHeartbeat signatures. Docs updated across README,
architecture, concepts, and connectors guides.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

migrations/000002_agent_metadata.down.sql

@@ -0,0 +1,9 @@
+-- Rollback: remove agent metadata columns
+
+DROP INDEX IF EXISTS idx_agents_os;
+DROP INDEX IF EXISTS idx_agents_architecture;
+
+ALTER TABLE agents DROP COLUMN IF EXISTS os;
+ALTER TABLE agents DROP COLUMN IF EXISTS architecture;
+ALTER TABLE agents DROP COLUMN IF EXISTS ip_address;
+ALTER TABLE agents DROP COLUMN IF EXISTS version;

migrations/000002_agent_metadata.up.sql

@@ -0,0 +1,10 @@
+-- Add agent metadata columns for M10: Agent Metadata + Targets
+-- Agents report OS, platform, architecture, and IP address via heartbeat
+
+ALTER TABLE agents ADD COLUMN IF NOT EXISTS os VARCHAR(100) DEFAULT '';
+ALTER TABLE agents ADD COLUMN IF NOT EXISTS architecture VARCHAR(100) DEFAULT '';
+ALTER TABLE agents ADD COLUMN IF NOT EXISTS ip_address VARCHAR(45) DEFAULT '';
+ALTER TABLE agents ADD COLUMN IF NOT EXISTS version VARCHAR(50) DEFAULT '';
+
+CREATE INDEX IF NOT EXISTS idx_agents_os ON agents(os);
+CREATE INDEX IF NOT EXISTS idx_agents_architecture ON agents(architecture);

migrations/seed_demo.sql

@@ -36,12 +36,12 @@ INSERT INTO issuers (id, name, type, config, enabled, created_at, updated_at) VA
 ON CONFLICT (id) DO NOTHING;
 
 -- Agents
-INSERT INTO agents (id, name, hostname, status, last_heartbeat_at, registered_at, api_key_hash) VALUES
-  ('ag-web-prod',    'web-prod-agent',    'web-prod-01.internal',    'online',  NOW() - INTERVAL '30 seconds',  NOW() - INTERVAL '90 days', 'demo_hash_1'),
-  ('ag-web-staging', 'web-staging-agent', 'web-stg-01.internal',    'online',  NOW() - INTERVAL '45 seconds',  NOW() - INTERVAL '60 days', 'demo_hash_2'),
-  ('ag-lb-prod',     'lb-prod-agent',     'f5-prod-01.internal',    'online',  NOW() - INTERVAL '15 seconds',  NOW() - INTERVAL '120 days', 'demo_hash_3'),
-  ('ag-iis-prod',    'iis-prod-agent',    'iis-prod-01.internal',   'offline', NOW() - INTERVAL '3 hours',     NOW() - INTERVAL '30 days', 'demo_hash_4'),
-  ('ag-data-prod',   'data-prod-agent',   'data-prod-01.internal',  'online',  NOW() - INTERVAL '20 seconds',  NOW() - INTERVAL '45 days', 'demo_hash_5')
+INSERT INTO agents (id, name, hostname, status, last_heartbeat_at, registered_at, api_key_hash, os, architecture, ip_address, version) VALUES
+  ('ag-web-prod',    'web-prod-agent',    'web-prod-01.internal',    'online',  NOW() - INTERVAL '30 seconds',  NOW() - INTERVAL '90 days', 'demo_hash_1', 'linux', 'amd64', '10.0.1.10', '1.0.0'),
+  ('ag-web-staging', 'web-staging-agent', 'web-stg-01.internal',    'online',  NOW() - INTERVAL '45 seconds',  NOW() - INTERVAL '60 days', 'demo_hash_2', 'linux', 'amd64', '10.0.2.20', '1.0.0'),
+  ('ag-lb-prod',     'lb-prod-agent',     'f5-prod-01.internal',    'online',  NOW() - INTERVAL '15 seconds',  NOW() - INTERVAL '120 days', 'demo_hash_3', 'linux', 'amd64', '10.0.1.50', '1.0.0'),
+  ('ag-iis-prod',    'iis-prod-agent',    'iis-prod-01.internal',   'offline', NOW() - INTERVAL '3 hours',     NOW() - INTERVAL '30 days', 'demo_hash_4', 'windows', 'amd64', '10.0.3.15', '1.0.0'),
+  ('ag-data-prod',   'data-prod-agent',   'data-prod-01.internal',  'online',  NOW() - INTERVAL '20 seconds',  NOW() - INTERVAL '45 days', 'demo_hash_5', 'linux', 'arm64', '10.0.4.30', '1.0.0')
 ON CONFLICT (id) DO NOTHING;
 
 -- Deployment Targets