add rate limiting, CSRF, newsletter, auto-checker, /uses and /projects pages

templates/hire.html

@@ -49,6 +49,19 @@
     Pricing by project or hourly — contact me for details.
   </div>
 
+  <section class="subscribe-section">
+    <h2>Stay updated</h2>
+    <p>Occasional posts on OpenBSD, homelab builds, and infrastructure work. No spam.</p>
+    <form method="POST" action="/newsletter" class="subscribe-form">
+      <div class="hp-field" aria-hidden="true">
+        <label for="url">URL</label>
+        <input type="text" id="url" name="url" tabindex="-1" autocomplete="off">
+      </div>
+      <input type="email" name="email" placeholder="your@email.com" required autocomplete="email">
+      <button type="submit" class="btn btn-outline">Subscribe</button>
+    </form>
+  </section>
+
   <section class="contact-section">
     <h2>Get in touch</h2>
     <p>Tell me about your project or problem. I'll respond within one business day.</p>
@@ -61,6 +74,12 @@
     {{if .Error}}<p class="form-error">{{.Error}}</p>{{end}}
 
     <form method="POST" action="/hire" class="contact-form">
+      <input type="hidden" name="csrf_token" value="{{.CSRFToken}}">
+      {{/* Honeypot: hidden from humans, bots fill it in */}}
+      <div class="hp-field" aria-hidden="true">
+        <label for="website">Website</label>
+        <input type="text" id="website" name="website" tabindex="-1" autocomplete="off">
+      </div>
       <div class="form-group">
         <label for="name">Name <span class="required-mark">*</span></label>
         <input type="text" id="name" name="name" value="{{.Name}}" required autocomplete="name" placeholder="Jane Smith">