style: run gofmt -s across all Go files

Fixes Go Report Card gofmt score from 52% to 100%.
Pure formatting changes — no logic modifications.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

internal/connector/target/f5/f5.go

@@ -13,12 +13,12 @@ import (
 
 // Config represents the F5 BIG-IP deployment target configuration.
 type Config struct {
-	Host        string `json:"host"`         // F5 BIG-IP hostname or IP
-	Port        int    `json:"port"`         // F5 iControl REST API port (default 443)
-	Username    string `json:"username"`     // Administrative username
-	Password    string `json:"password"`     // Administrative password
-	Partition   string `json:"partition"`    // F5 partition name (e.g., "Common")
-	SSLProfile  string `json:"ssl_profile"`  // SSL profile name to update
+	Host       string `json:"host"`        // F5 BIG-IP hostname or IP
+	Port       int    `json:"port"`        // F5 iControl REST API port (default 443)
+	Username   string `json:"username"`    // Administrative username
+	Password   string `json:"password"`    // Administrative password
+	Partition  string `json:"partition"`   // F5 partition name (e.g., "Common")
+	SSLProfile string `json:"ssl_profile"` // SSL profile name to update
 }
 
 // Connector implements the target.Connector interface for F5 BIG-IP load balancers.
@@ -138,10 +138,10 @@ func (c *Connector) DeployCertificate(ctx context.Context, request target.Deploy
 		Message:       "Certificate deployment to F5 initiated (stub)",
 		DeployedAt:    time.Now(),
 		Metadata: map[string]string{
-			"host":         c.config.Host,
-			"partition":    c.config.Partition,
-			"ssl_profile":  c.config.SSLProfile,
-			"duration_ms":  fmt.Sprintf("%d", deploymentDuration.Milliseconds()),
+			"host":        c.config.Host,
+			"partition":   c.config.Partition,
+			"ssl_profile": c.config.SSLProfile,
+			"duration_ms": fmt.Sprintf("%d", deploymentDuration.Milliseconds()),
 		},
 	}, nil
 }

internal/connector/target/iis/iis.go

@@ -14,10 +14,10 @@ import (
 // Config represents the IIS deployment target configuration.
 // This configuration is for Windows agents that manage IIS servers.
 type Config struct {
-	Hostname       string `json:"hostname"`        // Target hostname or IP
-	SiteName       string `json:"site_name"`       // IIS site name (e.g., "Default Web Site")
-	CertStore      string `json:"cert_store"`      // Windows cert store (e.g., "My", "WebHosting")
-	BindingInfo    string `json:"binding_info"`    // Binding info (e.g., "*.example.com")
+	Hostname    string `json:"hostname"`     // Target hostname or IP
+	SiteName    string `json:"site_name"`    // IIS site name (e.g., "Default Web Site")
+	CertStore   string `json:"cert_store"`   // Windows cert store (e.g., "My", "WebHosting")
+	BindingInfo string `json:"binding_info"` // Binding info (e.g., "*.example.com")
 }
 
 // Connector implements the target.Connector interface for IIS (Internet Information Services).
@@ -86,12 +86,12 @@ func (c *Connector) ValidateConfig(ctx context.Context, rawConfig json.RawMessag
 // the IIS binding to use the new certificate.
 //
 // The IIS deployment process (via PowerShell):
-// 1. Create a temporary PFX file from the certificate and existing private key
-//    (Note: The private key is managed by the agent, not provided by the control plane)
-// 2. Import the PFX to the Windows certificate store (My store by default)
-// 3. Get the certificate thumbprint
-// 4. Update the IIS binding to use the new certificate by thumbprint
-// 5. Verify the binding is active
+//  1. Create a temporary PFX file from the certificate and existing private key
+//     (Note: The private key is managed by the agent, not provided by the control plane)
+//  2. Import the PFX to the Windows certificate store (My store by default)
+//  3. Get the certificate thumbprint
+//  4. Update the IIS binding to use the new certificate by thumbprint
+//  5. Verify the binding is active
 //
 // TODO: Implement actual PowerShell commands:
 // - Import-PfxCertificate -FilePath {pfxPath} -CertStoreLocation "Cert:\LocalMachine\My"
@@ -128,10 +128,10 @@ func (c *Connector) DeployCertificate(ctx context.Context, request target.Deploy
 		Message:       "Certificate deployment to IIS initiated (stub)",
 		DeployedAt:    time.Now(),
 		Metadata: map[string]string{
-			"hostname":     c.config.Hostname,
-			"site_name":    c.config.SiteName,
-			"cert_store":   c.config.CertStore,
-			"duration_ms":  fmt.Sprintf("%d", deploymentDuration.Milliseconds()),
+			"hostname":    c.config.Hostname,
+			"site_name":   c.config.SiteName,
+			"cert_store":  c.config.CertStore,
+			"duration_ms": fmt.Sprintf("%d", deploymentDuration.Milliseconds()),
 		},
 	}, nil
 }

internal/connector/target/interface.go

@@ -23,37 +23,37 @@ type Connector interface {
 // In agent keygen mode, KeyPEM is populated from the agent's local key store.
 // In server keygen mode (demo only), KeyPEM may be empty if the key was embedded in the cert version.
 type DeploymentRequest struct {
-	CertPEM       string          `json:"cert_pem"`
-	KeyPEM        string          `json:"key_pem,omitempty"`
-	ChainPEM      string          `json:"chain_pem"`
-	TargetConfig  json.RawMessage `json:"target_config"`
-	Metadata      map[string]string `json:"metadata,omitempty"`
+	CertPEM      string            `json:"cert_pem"`
+	KeyPEM       string            `json:"key_pem,omitempty"`
+	ChainPEM     string            `json:"chain_pem"`
+	TargetConfig json.RawMessage   `json:"target_config"`
+	Metadata     map[string]string `json:"metadata,omitempty"`
 }
 
 // DeploymentResult contains the result of a successful certificate deployment.
 type DeploymentResult struct {
-	Success       bool      `json:"success"`
-	TargetAddress string    `json:"target_address"`
-	DeploymentID  string    `json:"deployment_id"`
-	Message       string    `json:"message"`
-	DeployedAt    time.Time `json:"deployed_at"`
+	Success       bool              `json:"success"`
+	TargetAddress string            `json:"target_address"`
+	DeploymentID  string            `json:"deployment_id"`
+	Message       string            `json:"message"`
+	DeployedAt    time.Time         `json:"deployed_at"`
 	Metadata      map[string]string `json:"metadata,omitempty"`
 }
 
 // ValidationRequest contains the parameters for validating a deployed certificate.
 type ValidationRequest struct {
-	CertificateID string          `json:"certificate_id"`
-	Serial        string          `json:"serial"`
-	TargetConfig  json.RawMessage `json:"target_config"`
+	CertificateID string            `json:"certificate_id"`
+	Serial        string            `json:"serial"`
+	TargetConfig  json.RawMessage   `json:"target_config"`
 	Metadata      map[string]string `json:"metadata,omitempty"`
 }
 
 // ValidationResult contains the result of a certificate validation check.
 type ValidationResult struct {
-	Valid         bool      `json:"valid"`
-	Serial        string    `json:"serial"`
-	TargetAddress string    `json:"target_address"`
-	Message       string    `json:"message"`
-	ValidatedAt   time.Time `json:"validated_at"`
+	Valid         bool              `json:"valid"`
+	Serial        string            `json:"serial"`
+	TargetAddress string            `json:"target_address"`
+	Message       string            `json:"message"`
+	ValidatedAt   time.Time         `json:"validated_at"`
 	Metadata      map[string]string `json:"metadata,omitempty"`
 }

internal/connector/target/nginx/nginx.go

@@ -15,10 +15,10 @@ import (
 // Config represents the NGINX deployment target configuration.
 // This configuration is used on the agent side to deploy certificates to NGINX.
 type Config struct {
-	CertPath       string `json:"cert_path"`        // Path where cert will be written (typically /etc/nginx/certs/cert.pem)
-	KeyPath        string `json:"key_path"`         // Path where private key will be written (NOT provided by control plane)
-	ChainPath      string `json:"chain_path"`       // Path where chain will be written (typically /etc/nginx/certs/chain.pem)
-	ReloadCommand  string `json:"reload_command"`   // Command to reload NGINX (e.g., "nginx -s reload" or "systemctl reload nginx")
+	CertPath        string `json:"cert_path"`        // Path where cert will be written (typically /etc/nginx/certs/cert.pem)
+	KeyPath         string `json:"key_path"`         // Path where private key will be written (NOT provided by control plane)
+	ChainPath       string `json:"chain_path"`       // Path where chain will be written (typically /etc/nginx/certs/chain.pem)
+	ReloadCommand   string `json:"reload_command"`   // Command to reload NGINX (e.g., "nginx -s reload" or "systemctl reload nginx")
 	ValidateCommand string `json:"validate_command"` // Command to validate NGINX config (e.g., "nginx -t")
 }
 
@@ -157,9 +157,9 @@ func (c *Connector) DeployCertificate(ctx context.Context, request target.Deploy
 		Message:       "Certificate deployed and NGINX reloaded successfully",
 		DeployedAt:    time.Now(),
 		Metadata: map[string]string{
-			"cert_path":     c.config.CertPath,
-			"chain_path":    c.config.ChainPath,
-			"duration_ms":   fmt.Sprintf("%d", deploymentDuration.Milliseconds()),
+			"cert_path":   c.config.CertPath,
+			"chain_path":  c.config.ChainPath,
+			"duration_ms": fmt.Sprintf("%d", deploymentDuration.Milliseconds()),
 		},
 	}, nil
 }