Migrate codebase from CommonJS to ES Modules

- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
  (dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
  declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
  loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing

Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens

Co-authored-by: Cursor <cursoragent@cursor.com>

src/backupsites.js

@@ -1,6 +1,26 @@
-'use strict';
+import assert from 'node:assert';
+import * as backupFormats from './backupformats.js';
+import BoxError from './boxerror.js';
+import constants from './constants.js';
+import * as cron from './cron.js';
+import { CronTime } from 'cron';
+import crypto from 'node:crypto';
+import * as database from './database.js';
+import debugModule from 'debug';
+import eventlog from './eventlog.js';
+import * as hush from './hush.js';
+import locks from './locks.js';
+import path from 'node:path';
+import paths from './paths.js';
+import safe from 'safetydance';
+import tasks from './tasks.js';
+import * as storageFilesystem from './storage/filesystem.js';
+import * as storageS3 from './storage/s3.js';
+import * as storageGcs from './storage/gcs.js';
 
-exports = module.exports = {
+const debug = debugModule('box:backups');
+
+export {
     get,
     list,
     listByContentForUpdates,
@@ -39,23 +59,6 @@ exports = module.exports = {
     reinitAll
 };
 
-const assert = require('node:assert'),
-    backupFormats = require('./backupformats.js'),
-    BoxError = require('./boxerror.js'),
-    constants = require('./constants.js'),
-    cron = require('./cron.js'),
-    { CronTime } = require('cron'),
-    crypto = require('node:crypto'),
-    database = require('./database.js'),
-    debug = require('debug')('box:backups'),
-    eventlog = require('./eventlog.js'),
-    hush = require('./hush.js'),
-    locks = require('./locks.js'),
-    path = require('node:path'),
-    paths = require('./paths.js'),
-    safe = require('safetydance'),
-    tasks = require('./tasks.js');
-
 // format: rsync or tgz
 // provider: used to determine the api provider
 // config: depends on the 'provider' field. 'provider' is not stored in config object. but it is injected when calling the api backends
@@ -68,39 +71,27 @@ const assert = require('node:assert'),
 // encryption: 'encryptionPassword' and 'encryptedFilenames' is converted into an 'encryption' object using hush.js. Password is lost forever after conversion.
 const BACKUP_TARGET_FIELDS = [ 'id', 'name', 'provider', 'configJson', 'limitsJson', 'retentionJson', 'schedule', 'encryptionJson', 'format', 'enableForUpdates', 'contentsJson', 'creationTime', 'ts', 'integrityKeyPairJson' ].join(',');
 
+const STORAGE_PROVIDERS = {
+    nfs: storageFilesystem, cifs: storageFilesystem, sshfs: storageFilesystem,
+    mountpoint: storageFilesystem, disk: storageFilesystem, ext4: storageFilesystem,
+    xfs: storageFilesystem, filesystem: storageFilesystem,
+    s3: storageS3, minio: storageS3, 's3-v4-compat': storageS3,
+    'digitalocean-spaces': storageS3, 'exoscale-sos': storageS3, wasabi: storageS3,
+    'scaleway-objectstorage': storageS3, 'backblaze-b2': storageS3, 'cloudflare-r2': storageS3,
+    'linode-objectstorage': storageS3, 'ovh-objectstorage': storageS3,
+    'ionos-objectstorage': storageS3, 'idrive-e2': storageS3,
+    'vultr-objectstorage': storageS3, 'upcloud-objectstorage': storageS3,
+    'contabo-objectstorage': storageS3, 'hetzner-objectstorage': storageS3,
+    'synology-c2-objectstorage': storageS3,
+    gcs: storageGcs
+};
+
 function storageApi(backupSite) {
     assert.strictEqual(typeof backupSite, 'object');
 
-    switch (backupSite.provider) {
-    case 'nfs': return require('./storage/filesystem.js');
-    case 'cifs': return require('./storage/filesystem.js');
-    case 'sshfs': return require('./storage/filesystem.js');
-    case 'mountpoint': return require('./storage/filesystem.js');
-    case 'disk': return require('./storage/filesystem.js');
-    case 'ext4': return require('./storage/filesystem.js');
-    case 'xfs': return require('./storage/filesystem.js');
-    case 's3': return require('./storage/s3.js');
-    case 'gcs': return require('./storage/gcs.js');
-    case 'filesystem': return require('./storage/filesystem.js');
-    case 'minio': return require('./storage/s3.js');
-    case 's3-v4-compat': return require('./storage/s3.js');
-    case 'digitalocean-spaces': return require('./storage/s3.js');
-    case 'exoscale-sos': return require('./storage/s3.js');
-    case 'wasabi': return require('./storage/s3.js');
-    case 'scaleway-objectstorage': return require('./storage/s3.js');
-    case 'backblaze-b2': return require('./storage/s3.js');
-    case 'cloudflare-r2': return require('./storage/s3.js');
-    case 'linode-objectstorage': return require('./storage/s3.js');
-    case 'ovh-objectstorage': return require('./storage/s3.js');
-    case 'ionos-objectstorage': return require('./storage/s3.js');
-    case 'idrive-e2': return require('./storage/s3.js');
-    case 'vultr-objectstorage': return require('./storage/s3.js');
-    case 'upcloud-objectstorage': return require('./storage/s3.js');
-    case 'contabo-objectstorage': return require('./storage/s3.js');
-    case 'hetzner-objectstorage': return require('./storage/s3.js');
-    case 'synology-c2-objectstorage': return require('./storage/s3.js');
-    default: throw new BoxError(BoxError.BAD_FIELD, `Unknown provider: ${backupSite.provider}`);
-    }
+    const provider = STORAGE_PROVIDERS[backupSite.provider];
+    if (!provider) throw new BoxError(BoxError.BAD_FIELD, `Unknown provider: ${backupSite.provider}`);
+    return provider;
 }
 
 function postProcess(result) {