feat: native Headlamp integration, TrueNAS API, docs, and CI for v0.2.0

Native Headlamp integrations:
- registerResourceTableColumnsProcessor: add Protocol/Pool/Server columns to
  native StorageClass table and Protocol/Volume Handle to PV table
- registerDetailsViewSection: inject TNS-CSI section into PV detail pages
- registerDetailsViewSection: inject driver role/status into tns-csi Pod pages
- registerDetailsViewHeaderAction: Benchmark shortcut on StorageClass detail
- registerAppBarAction: driver health badge (N/Nc M/Mn, color-coded)
- Trim sidebar from 6 → 4 entries (Overview, Snapshots, Metrics, Benchmark)

TrueNAS API integration:
- src/api/truenas.ts: ConfigStore-backed settings, WebSocket JSON-RPC client
  for pool.query (auth.login_with_api_key + pool.query)
- src/components/TnsCsiSettings.tsx: API key + server override settings UI
  with connection test button
- TnsCsiDataContext: fetch real pool stats (size/allocated/free/status)
- OverviewPage: three-tier pool capacity display (real data → error → metrics
  fallback)

Documentation:
- README, CHANGELOG, CONTRIBUTING, SECURITY
- docs/: architecture, deployment (Helm), getting-started, user-guide,
  troubleshooting

CI:
- .github/workflows/ci.yaml: lint + type-check + test on PR/push
- .github/workflows/release.yaml: workflow_dispatch versioned release

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

docs/deployment/helm.md

@@ -0,0 +1,154 @@
+# Deployment with Helm
+
+## Basic Helm Installation
+
+Add the Headlamp Helm repository and deploy with the plugin configured:
+
+```bash
+helm repo add headlamp https://headlamp-k8s.github.io/headlamp/
+helm repo update
+
+helm install headlamp headlamp/headlamp \
+  --namespace kube-system \
+  --create-namespace \
+  --set config.pluginsDir=/headlamp/plugins \
+  --set pluginsManager.sources[0].name=headlamp-tns-csi-plugin \
+  --set pluginsManager.sources[0].url=https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.1.0/headlamp-tns-csi-plugin-0.1.0.tar.gz
+```
+
+## Complete values.yaml Example
+
+```yaml
+# headlamp-values.yaml
+
+config:
+  pluginsDir: /headlamp/plugins
+
+pluginsManager:
+  sources:
+    - name: headlamp-tns-csi-plugin
+      url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.1.0/headlamp-tns-csi-plugin-0.1.0.tar.gz
+
+serviceAccount:
+  name: headlamp
+
+# Optional: OIDC authentication
+# oidcConfig:
+#   clientID: headlamp
+#   clientSecret: <your-secret>
+#   issuerURL: https://your-oidc-provider.example.com/
+#   scopes: "openid profile email groups"
+```
+
+Apply:
+
+```bash
+helm install headlamp headlamp/headlamp \
+  --namespace kube-system \
+  -f headlamp-values.yaml
+```
+
+## FluxCD HelmRelease
+
+```yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: headlamp
+  namespace: kube-system
+spec:
+  interval: 12h
+  url: https://headlamp-k8s.github.io/headlamp/
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: headlamp
+  namespace: kube-system
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: headlamp
+      version: ">=0.26.0"
+      sourceRef:
+        kind: HelmRepository
+        name: headlamp
+        namespace: kube-system
+  values:
+    config:
+      pluginsDir: /headlamp/plugins
+    pluginsManager:
+      sources:
+        - name: headlamp-tns-csi-plugin
+          url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.1.0/headlamp-tns-csi-plugin-0.1.0.tar.gz
+```
+
+## RBAC Manifest (Apply Separately)
+
+After deploying Headlamp, apply the plugin's RBAC:
+
+```bash
+kubectl apply -f - <<'EOF'
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: headlamp-tns-csi-reader
+rules:
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses", "csidrivers"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes", "persistentvolumeclaims", "pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/log", "pods/proxy"]
+    verbs: ["get"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots", "volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  # Uncomment for Benchmark page:
+  # - apiGroups: ["batch"]
+  #   resources: ["jobs"]
+  #   verbs: ["get", "list", "watch", "create", "delete"]
+  # - apiGroups: [""]
+  #   resources: ["persistentvolumeclaims"]
+  #   verbs: ["create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: headlamp-tns-csi
+subjects:
+  - kind: ServiceAccount
+    name: headlamp
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: headlamp-tns-csi-reader
+  apiGroup: rbac.authorization.k8s.io
+EOF
+```
+
+## Upgrading the Plugin
+
+To upgrade to a new plugin version, update the `url` in your values and apply:
+
+```bash
+helm upgrade headlamp headlamp/headlamp \
+  --namespace kube-system \
+  -f headlamp-values.yaml
+```
+
+Or update the FluxCD HelmRelease and let Flux reconcile.
+
+## Production Checklist
+
+- [ ] Headlamp v0.20+ deployed
+- [ ] Plugin installed and sidebar entry visible
+- [ ] RBAC ClusterRole and ClusterRoleBinding applied
+- [ ] tns-csi driver installed in `kube-system` with standard labels
+- [ ] Controller pod exposes port 8080 for Prometheus metrics
+- [ ] Headlamp accessible via HTTPS
+- [ ] (Optional) Snapshot CRD installed for Snapshots tab
+- [ ] (Optional) Benchmark namespace created and write RBAC applied