Update integration tests to reflect new validation order and circuit
breaker integration in unfurl service.

Changes in post_creation_test.go:
- Fix content length validation test expectations
- Update validation order: basic input before DID authentication
- Adjust test assertions to match new error flow

Changes in post_unfurl_test.go:
- Update Kagi provider test to expect circuit breaker wrapper
- Fix provider name expectations in unfurl tests
- Ensure tests align with circuit breaker integration

These changes ensure all integration tests pass with the new validation
flow and circuit breaker implementation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Restore full aggregator authorization checks while maintaining the
special case for Kagi aggregator's thumbnail URL handling.

Changes:
- Restore aggregator DID validation in post creation flow
- Add distinction between Kagi (trusted) and other aggregators
- Map aggregator authorization errors to 403 Forbidden
- Maintain validation order: basic input -> DID auth -> aggregator check
- Keep Kagi special case for thumbnail URL transformation

Security improvements:
- All aggregator posts now require valid aggregator DID registration
- Kagi aggregator identified via KAGI_AGGREGATOR_DID environment variable
- Non-Kagi aggregators must follow standard thumbnail validation rules
- Unauthorized aggregator attempts return 403 with clear error message

This ensures only authorized aggregators can create posts while allowing
Kagi's existing thumbnail URL workflow to continue working.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Implement circuit breaker pattern to handle external provider failures
gracefully and prevent cascading failures when unfurl services are down.

Changes:
- Add circuit_breaker.go with state management (Closed, Open, HalfOpen)
- Implement automatic recovery with exponential backoff
- Add comprehensive circuit breaker unit tests
- Integrate circuit breaker into unfurl service
- Fix defer response.Body.Close() errors in providers
- Fix linting issues in kagi_test.go and opengraph_test.go

The circuit breaker tracks failures per provider and automatically opens
when failure threshold is reached, preventing wasted requests to failing
services. After a cooldown period, it transitions to half-open to test
if the service has recovered.

Configuration:
- Failure threshold: 5 consecutive failures
- Timeout: 10 seconds
- Reset timeout: 60 seconds (before attempting recovery)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Add community handles to all feed responses and refactor feed repositories

Features:
- Add handle field to communityRef lexicon and struct
- Select community handle in all feed SQL queries (community, timeline, discover)
- Populate handle in comment service post views
- Refactor feed_repo.go to use feedRepoBase (68% code reduction)
- Add HMAC-signed cursors for security

Improvements:
- Improved error handling for missing communities (ERROR log + fallback)
- Moved nullStringPtr helper to correct location
- Apply gofumpt formatting to entire codebase

All tests passing, linter checks pass, production-ready.

- Run gofumpt -l -w on all Go files
- Fix import statement formatting (blank lines between groups)
- Auto-fix via make lint-fix
- All linter checks now pass

No functional changes, formatting only

- Add cursorSecret parameter to all NewCommunityFeedRepository calls
- Use 'test-cursor-secret' for test environments
- Add assertions to verify community handle is present in responses
- All 10 feed integration tests pass with HMAC-signed cursors

- Capture community.Handle when fetching community data
- Set Handle field in CommunityRef struct
- Improve error handling for missing communities:
- Log as ERROR (not warning) for data integrity issues
- Use DID as fallback for handle/name to prevent API breakage
- Surfaces orphaned post issues in logs while maintaining resilience

Fixes: Community handle field empty in post views from comment service