Tim Rice authored
Adds 17 new captures and reworks the gallery into five sections:

01-24  top-level pages (now includes /theme)

25-33  detail pages with row ids (assessment, finding, scan, flow, AI prompt) plus SCA log/config and /admin/branding -- ids are scraped from the matching listing pages at run time

40-41  TOTP walkthrough -- /security in "not enrolled" + the post-enroll QR/secret state. The verify form is never submitted, so no DB rows are touched; the QR + secret are also blacked out via PIL with a labelled overlay.

50-51  SAML 2.0 SSO walkthrough -- /admin/sso with Generic labels and again with the "Use Okta" radio toggled on (pure client-side relabel, no POST).

60-63  Theme walkthrough -- /theme in dark, in light, and the dashboard + assessments list re-rendered in light mode. The theme flip is wrapped in try/finally so a mid-run crash still restores the operator's account to dark.

PII redaction is built into capture.py: the username column on /admin/users is blacked out per row using bounding boxes measured against the live DOM, and the TOTP secret regions are blacked out with hard-coded coordinates matching the 1440x900 capture viewport.

Pillow is now required alongside playwright; both are pip-only. screenshots/ is documentation-only -- still not referenced from any COPY in the Dockerfile, so the runtime image footprint is unchanged.

2d93a22a