flaskpaste: initial commit with security hardening

Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup

Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)

Includes /health endpoint, container support, and 70 tests.

compose.yaml

@@ -0,0 +1,38 @@
+# FlaskPaste Container Compose
+# Usage: podman-compose up -d
+# Or:    podman compose up -d
+
+services:
+  flaskpaste:
+    build:
+      context: .
+      dockerfile: Containerfile
+    container_name: flaskpaste
+    restart: unless-stopped
+    ports:
+      - "5000:5000"
+    volumes:
+      - flaskpaste-data:/app/data
+    environment:
+      - FLASK_ENV=production
+      - FLASKPASTE_EXPIRY=432000        # 5 days
+      - FLASKPASTE_MAX_ANON=3145728     # 3 MiB
+      - FLASKPASTE_MAX_AUTH=52428800    # 50 MiB
+    healthcheck:
+      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:5000/health')"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 5s
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'
+          memory: 256M
+        reservations:
+          cpus: '0.25'
+          memory: 64M
+
+volumes:
+  flaskpaste-data:
+    driver: local