Refactor into production-ready CLI service

[VectoDE]

Summary

• replace the ad-hoc main program with a modular CLI entry point that wires configuration, logging, password policy, generator, and HIBP client dependencies
• introduce structured configuration loading, password policy evaluation, secure password generator, and breach-checking service layers with unit tests
• rebuild the command-line experience with sub-commands, interactive mode, and documentation updates for enterprise-ready workflows

Testing

• go test ./...

---

https://chatgpt.com/codex/tasks/task_e_68f70db813ac832cad6c7e340102825b

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Fail fast on 404 responses from breach API

The pwned-password client treats an HTTP 404 from the HIBP endpoint as “not breached” and returns false without error. The range API does not return 404 for safe passwords—404 is far more likely when the base URL is wrong or the service is unavailable. With the current logic, any misconfiguration or upstream routing issue silently produces a false negative, which undermines the whole breach check. Consider returning an error for 404 (similar to other non-200 codes) so callers can surface the failure instead of reporting a clean password.

Useful? React with 👍 / 👎.