docs: add certificate lifespan timeline diagram to README

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

README.md

@@ -2,6 +2,17 @@
 
 91 API endpoints. 21 database tables. 900+ tests. Full GUI. Ships with Docker Compose.
 
+```mermaid
+timeline
+    title TLS Certificate Maximum Lifespan (CA/Browser Forum Ballot SC-081v3)
+    2015 : 5 years
+    2018 : 825 days
+    2020 : 398 days
+    March 2026 : 200 days
+    March 2027 : 100 days
+    March 2029 : 47 days
+```
+
 TLS certificate lifespans are shrinking fast. The CA/Browser Forum passed [Ballot SC-081v3](https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/) unanimously in April 2025, setting a phased reduction: **200 days** by March 2026, **100 days** by March 2027, and **47 days** by March 2029. Organizations managing dozens or hundreds of certificates can no longer rely on spreadsheets, calendar reminders, or manual renewal workflows. The math doesn't work — at 47-day lifespans, a team managing 100 certificates is processing 7+ renewals per week, every week, forever.
 
 certctl is a self-hosted platform that automates the entire certificate lifecycle — from issuance through renewal to deployment — with zero human intervention. It works with any certificate authority, deploys to any server, and keeps private keys on your infrastructure where they belong.