fix: resolve frontend-to-backend mapping gaps across API types, config fields, and issuer IDs

Full audit of all ~100 backend API endpoints against frontend client functions
and TypeScript interfaces. Fixes field name mismatches, missing client functions,
phantom interface fields, type coercion for Go bool/int config fields, and
issuer type ID alignment with backend domain constants.

Backend:
- issuer.go/target.go: GUI-created entities default enabled=true (Go bool
  zero value was overriding DB DEFAULT)

Frontend types (types.ts):
- Certificate: fingerprint→fingerprint_sha256, phantom fields made optional
- CertificateVersion: fingerprint→fingerprint_sha256, chain_pem→pem_chain,
  removed phantom version/cert_pem fields
- Job: error_message→last_error (matches Go json tag)

Frontend client (client.ts):
- Added getNotification(id) and getAuditEvent(id) for existing backend routes

Frontend pages:
- CertificateDetailPage: derives serial/fingerprint/issuedAt from latest
  CertificateVersion instead of empty Certificate fields
- JobsPage/JobDetailPage: error_message→last_error
- TargetsPage: reload_cmd→reload_command, validate_cmd→validate_command,
  added missing config fields per backend structs (validate_command for
  NGINX/Apache, hostname/winrm_timeout for IIS, private_key/passphrase/
  cert_mode/key_mode for SSH, winrm_https/winrm_insecure for WinCertStore,
  create_keystore for JavaKeystore, mode for Dovecot), type coercion via
  buildConfigPayload() with BOOL_FIELDS/INT_FIELDS sets, IIS WinRM nesting
- TargetDetailPage: added passphrase to sensitiveKeys redaction
- issuerTypes.ts: type IDs aligned to backend constants (acme→ACME,
  local→GenericCA, stepca→StepCA, openssl→OpenSSL), backward compat aliases
  preserved, step-ca config fields updated to match backend struct

Utilities (utils.ts):
- formatDate/formatDateTime accept string|undefined|null

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

web/src/pages/CertificateDetailPage.tsx

@@ -60,7 +60,7 @@ function TimelineStep({ label, status, time, isLast }: { label: string; status:
   );
 }
 
-function DeploymentTimeline({ certId, certStatus, createdAt, issuedAt }: { certId: string; certStatus: string; createdAt: string; issuedAt: string }) {
+function DeploymentTimeline({ certId, certStatus, createdAt, issuedAt }: { certId: string; certStatus: string; createdAt: string; issuedAt?: string }) {
   const { data: jobsData } = useQuery({
     queryKey: ['jobs', { certificate_id: certId }],
     queryFn: () => getJobs({ certificate_id: certId }),
@@ -372,6 +372,12 @@ export default function CertificateDetailPage() {
     );
   }
 
+  // Derive certificate metadata from latest version (backend doesn't include these on the cert object)
+  const latestVersion = versions?.data?.[0];
+  const serialNumber = cert.serial_number || latestVersion?.serial_number;
+  const fingerprintSha256 = cert.fingerprint_sha256 || latestVersion?.fingerprint_sha256;
+  const issuedAt = cert.issued_at || latestVersion?.not_before;
+
   const days = daysUntil(cert.expires_at);
   const isRevoked = cert.status === 'Revoked';
   const isArchived = cert.status === 'Archived';
@@ -492,7 +498,7 @@ export default function CertificateDetailPage() {
         )}
 
         {/* Deployment Status Timeline */}
-        <DeploymentTimeline certId={id!} certStatus={cert.status} createdAt={cert.created_at} issuedAt={cert.issued_at} />
+        <DeploymentTimeline certId={id!} certStatus={cert.status} createdAt={cert.created_at} issuedAt={issuedAt} />
 
         <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
           {/* Certificate Info */}
@@ -518,9 +524,9 @@ export default function CertificateDetailPage() {
                 })}
               </span>
             ) : '—'} />
-            <InfoRow label="Serial Number" value={cert.serial_number || '—'} />
+            <InfoRow label="Serial Number" value={serialNumber || '—'} />
             <InfoRow label="Fingerprint" value={
-              cert.fingerprint ? <span className="font-mono text-xs">{cert.fingerprint.slice(0, 24)}...</span> : '—'
+              fingerprintSha256 ? <span className="font-mono text-xs">{fingerprintSha256.slice(0, 24)}...</span> : '—'
             } />
             <InfoRow label="Key Algorithm" value={cert.key_algorithm || '—'} />
             <InfoRow label="Key Size" value={cert.key_size ? `${cert.key_size} bits` : '—'} />
@@ -556,7 +562,7 @@ export default function CertificateDetailPage() {
           {/* Lifecycle */}
           <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
             <h3 className="text-sm font-semibold text-ink-muted mb-4">Lifecycle</h3>
-            <InfoRow label="Issued" value={formatDate(cert.issued_at)} />
+            <InfoRow label="Issued" value={formatDate(issuedAt)} />
             <InfoRow label="Expires" value={
               <span className={isRevoked ? 'text-red-600 line-through' : expiryColor(days)}>
                 {formatDate(cert.expires_at)} ({days <= 0 ? 'expired' : `${days} days`})
@@ -615,7 +621,7 @@ export default function CertificateDetailPage() {
                 <div key={v.id} className="flex items-center justify-between py-2 border-b border-surface-border/50 last:border-0">
                   <div>
                     <div className="flex items-center gap-2">
-                      <span className="text-sm text-ink">Version {v.version}</span>
+                      <span className="text-sm text-ink">Version {versions.data.length - idx}</span>
                       {idx === 0 && <span className="text-xs bg-brand-100 text-brand-700 px-1.5 py-0.5 rounded">Current</span>}
                     </div>
                     <div className="text-xs text-ink-faint font-mono">{v.serial_number}</div>