chore: initial project setup with backend, frontend, and infrastructure

Add complete NexaPantry application structure including:
- Docker Compose configuration with PostgreSQL, Redis, FastAPI backend, worker, frontend and Caddy
- Environment configuration template with database, auth, and service settings
- GitHub Actions CI workflow for backend/frontend linting, testing, auditing and Docker builds
- AGPL-3.0 license and comprehensive README with setup, development, and security documentation
- Backend

docs/security.md

@@ -0,0 +1,25 @@
+# Security Checklist
+
+- Passwords: Argon2id via Passlib.
+- Session: HttpOnly SameSite cookies with JWT payloads.
+- CSRF: double-submit token for unsafe API methods.
+- Tokens: invitation and reset tokens are random, expiring and stored as SHA-256 hashes.
+- SMTP secret: encrypted with Fernet.
+- CORS: explicit allowed origins only.
+- CSP: set by Caddy for the frontend surface.
+- IDOR: home-scoped APIs verify membership.
+- SQL injection: SQLAlchemy query builder and parameter binding.
+- Audit logs: admin and sensitive actions are recorded without secrets.
+- Rate limits: login, invite and reset-sensitive endpoints are throttled.
+
+Recommended external tools:
+
+```sh
+pip-audit
+bandit -r backend/app
+npm audit --audit-level=moderate
+gitleaks detect --source .
+trivy fs .
+trivy image <image>
+```
+