feat: guided web installer wizard (issue #191)

[evanoseen]

Summary

Implements the guided web installer wizard described in issue #191. Replaces the manual setup flow (git clone → npm install → set env vars → npm start) with a single-command bootstrap that opens a styled 7-step browser wizard on localhost:31338.

• install.sh — POSIX-compatible bootstrap for macOS + Linux; checks Node 18+ and Git, runs npm install, spawns installer server, opens browser
• install.ps1 — Windows PowerShell equivalent
• installer/server.js — Local HTTP server binding only to 127.0.0.1:31338; uses only Node built-ins (no new npm deps); serves the wizard and exposes 6 API endpoints
• installer/wizard.html — Self-contained dark-themed 7-step wizard (no external JS runtime deps)

What the user types

# Already have the repo:
./install.sh

# Fresh machine (inspect before running):
curl -sSL https://raw.githubusercontent.com/CPAtoCybersecurity/csf_profile/main/install.sh | bash

Wizard steps

Step	Description
1	System Detection — Node version, Git, existing .env.local
2	Prerequisites — npm deps, server status
3	Atlassian Credentials (optional) — Jira + Confluence URL/token with Test Connection
4	Demo Data — Alma Security demo or start blank
5	Encryption Setup (optional) — password or skip
6	Launch — kicks off npm start, polls until port 3000 responds
7	Done — link to http://localhost:3000, auto-opens browser

Security

• Server binds only to 127.0.0.1 — never 0.0.0.0
• Atlassian credential test proxied server-side (no CORS leakage)
• Existing .env.local backed up to .env.local.backup-{ISO_TIMESTAMP} before any overwrite
• Zero new npm packages added to package.json

Test plan

• Run bash install.sh from repo root on macOS — verify wizard opens at localhost:31338
• Run bash install.sh from repo root on Linux/Kali — verify wizard opens
• Run .\install.ps1 on Windows — verify wizard opens
• Walk all 7 wizard steps with valid Atlassian credentials
• Walk all 7 wizard steps skipping credentials (blank config)
• Confirm npm start stays running after wizard closes
• Confirm .env.local.backup-* created when overwriting existing .env.local
• Confirm no outbound connections from installer server (Wireshark/Charles)

Closes #191

🤖 Generated with Claude Code

[CPAtoCybersecurity]

Hey @evanoseen, please resolve the conflicts on this one too — but hold off until #187 is merged. This branch carries the same store-file edits as #187, so once #187 lands, most of the overlap here should go away.

After #187 is in:

git fetch origin
git checkout 191-guided-installer-wizard
git rebase origin/main
# resolve any remaining conflicts → git add → git rebase --continue
git push --force-with-lease

Once the rebase is clean, please re-walk the wizard test plan locally — CodeQL passed before, but a bad merge can break runtime even when the code still compiles. Keep the three commits intact (no squash) so the work stays reviewable. Note: comprehensiveAssessmentData.js (10k lines, brand new on main) isn't part of this branch and shouldn't show up as a conflict — if it does, flag it here before continuing.