Add HTMX-based UI templates and handlers for account and audit management

- Introduced `web/templates/` for HTMX-fragmented pages (`dashboard`, `accounts`, `account_detail`, `error_fragment`, etc.).
- Implemented UI routes for account CRUD, audit log display, and login/logout with CSRF protection.
- Added `internal/ui/` package for handlers, CSRF manager, session validation, and token issuance.
- Updated documentation to include new UI features and templates directory structure.
- Security: Double-submit CSRF cookies, constant-time HMAC validation, login password/Argon2id re-verification at all steps to prevent bypass.

README.md

@@ -174,7 +174,7 @@ make docker     # build Docker image mcias:<version>
 ```sh
 TOKEN=$(curl -sk https://localhost:8443/v1/auth/login \
   -d '{"username":"admin","password":"..."}' | jq -r .token)
-export MCIAS_TOKEN=$token
+export MCIAS_TOKEN=$TOKEN
 
 mciasctl -server https://localhost:8443 account list
 mciasctl account create -username alice -password s3cr3t
@@ -192,7 +192,7 @@ See `man mciasctl` for the full reference.
 
 ```sh
 export MCIAS_MASTER_PASSPHRASE=your-passphrase
-CONF<<3C>--config /etc/mcias/mcias.conf
+CONF="--config /etc/mcias/mcias.conf"
 
 mciasdb $CONF schema verify
 mciasdb $CONF account list
@@ -288,4 +288,4 @@ man mciasgrpcctl  # gRPC admin CLI
 - Credential fields never appear in any API response.
 - TLS 1.2 minimum protocol version.
 
-See [ARCHITECTURE.md](ARCHITECTURE.md) §2-³3 for the full security model.
+See [ARCHITECTURE.md](ARCHITECTURE.md) §2–3 for the full security model.