Add comprehensive login page customization options

[strickvl]

This PR adds comprehensive customization options for the login page, allowing users to customize all text elements through CLI arguments, environment variables, or config files.

🎯 Key Features

• Complete login customization - Every text element can be customized
• Multiple configuration methods - CLI args, environment variables, YAML config
• Docker-friendly - Perfect for containerized deployments with env vars
• Corporate branding - Customize titles, messages, and error text
• Security-first - All user input is HTML-escaped to prevent XSS
• Backwards compatible - Existing --app-name/--welcome-text unchanged

📋 New CLI Options

--login-title                      # Custom login page title
--login-below                      # Custom text below login title  
--password-placeholder             # Custom password field placeholder
--submit-text                      # Custom submit button text
--login-password-msg               # Custom config file password message
--login-env-password-msg           # Custom env password message
--login-hashed-password-msg        # Custom hashed password message
--login-rate-limit-msg             # Custom rate limiting message
--missing-password-msg             # Custom missing password error
--incorrect-password-msg           # Custom incorrect password error

🐳 Environment Variables

All CLI options have corresponding CS_* environment variables:

CS_LOGIN_TITLE, CS_LOGIN_BELOW, CS_PASSWORD_PLACEHOLDER, CS_SUBMIT_TEXT
CS_LOGIN_PASSWORD_MSG, CS_LOGIN_ENV_PASSWORD_MSG, CS_LOGIN_HASHED_PASSWORD_MSG  
CS_LOGIN_RATE_LIMIT_MSG, CS_MISSING_PASSWORD_MSG, CS_INCORRECT_PASSWORD_MSG

💼 Use Cases

Docker deployment with branding:

docker run -e CS_LOGIN_TITLE="ACME Corp Portal" \
           -e CS_LOGIN_ENV_PASSWORD_MSG="Contact IT for access" \
           -e CS_PASSWORD_PLACEHOLDER="Corporate ID" \
           codercom/code-server:latest

Corporate error messages:

code-server --missing-password-msg="Please enter your employee ID" \
           --incorrect-password-msg="Invalid credentials. Contact support."

🔧 Implementation Details

• Priority order: CLI args → env vars → config file → i18n defaults
• HTML escaping: All custom messages are automatically escaped for security
• Internationalization: Non-customized messages still use locale files
• Config file support: All options work in YAML config files
• Testing: Comprehensive unit and integration tests added

🧪 Test Plan

• CLI argument parsing for all new options
• Environment variable processing
• Config file YAML support
• HTML output correctness (titles, placeholders, buttons)
• HTML escaping security (XSS prevention)
• Error message customization
• Backwards compatibility with existing options
• Internationalization preservation
• Priority order (CLI > env > config > defaults)

📚 Documentation

• Updated docs/install.md with Docker customization examples
• Enhanced docs/FAQ.md with login customization section
• Added comprehensive docs/customization.md guide
• Updated main docs/README.md with link to customization guide

This enables powerful branding and customization for enterprise deployments while maintaining full backwards compatibility.

[code-asher]

Thank you for the contribution!

Thinking out loud, my first impression is that the flags are not scaling well. Since we have this concept of language files that we can use for strings in the app, I wonder if we can re-use this for user-provided strings as well? Maybe we have a flag that accepts a json file (or accepts raw json itself) and then we can pass that to the i18n library (merged with the default language file).

Then, all strings, including future ones, will automatically be available for configuration. What do you think?

We could then also deprecate --welcome-msg and --app-name.

[strickvl]

Sounds good. I'll work on that change.