Migrate codebase from CommonJS to ES Modules

- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
  (dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
  declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
  loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing

Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens

Co-authored-by: Cursor <cursoragent@cursor.com>

src/domains.js

@@ -1,6 +1,44 @@
-'use strict';
+import assert from 'node:assert';
+import BoxError from './boxerror.js';
+import constants from './constants.js';
+import crypto from 'node:crypto';
+import * as dashboard from './dashboard.js';
+import * as database from './database.js';
+import debugModule from 'debug';
+import eventlog from './eventlog.js';
+import * as mailServer from './mailserver.js';
+import * as notifications from './notifications.js';
+import * as openssl from './openssl.js';
+import * as reverseProxy from './reverseproxy.js';
+import safe from 'safetydance';
+import tld from 'tldjs';
+import * as _ from './underscore.js';
+import * as dnsBunny from './dns/bunny.js';
+import * as dnsCloudflare from './dns/cloudflare.js';
+import * as dnsDesec from './dns/desec.js';
+import * as dnsDnsimple from './dns/dnsimple.js';
+import * as dnsRoute53 from './dns/route53.js';
+import * as dnsGcdns from './dns/gcdns.js';
+import * as dnsDigitalocean from './dns/digitalocean.js';
+import * as dnsGandi from './dns/gandi.js';
+import * as dnsGodaddy from './dns/godaddy.js';
+import * as dnsHetzner from './dns/hetzner.js';
+import * as dnsHetznercloud from './dns/hetznercloud.js';
+import * as dnsInwx from './dns/inwx.js';
+import * as dnsLinode from './dns/linode.js';
+import * as dnsVultr from './dns/vultr.js';
+import * as dnsNamecom from './dns/namecom.js';
+import * as dnsNamecheap from './dns/namecheap.js';
+import * as dnsNetcup from './dns/netcup.js';
+import * as dnsNoop from './dns/noop.js';
+import * as dnsOvh from './dns/ovh.js';
+import * as dnsManual from './dns/manual.js';
+import * as dnsPorkbun from './dns/porkbun.js';
+import * as dnsWildcard from './dns/wildcard.js';
 
-exports = module.exports = {
+const debug = debugModule('box:domains');
+
+export {
     add,
     get,
     list,
@@ -17,22 +55,6 @@ exports = module.exports = {
     checkConfigs
 };
 
-const assert = require('node:assert'),
-    BoxError = require('./boxerror.js'),
-    constants = require('./constants.js'),
-    crypto = require('node:crypto'),
-    dashboard = require('./dashboard.js'),
-    database = require('./database.js'),
-    debug = require('debug')('box:domains'),
-    eventlog = require('./eventlog.js'),
-    mailServer = require('./mailserver.js'),
-    notifications = require('./notifications.js'),
-    openssl = require('./openssl.js'),
-    reverseProxy = require('./reverseproxy.js'),
-    safe = require('safetydance'),
-    tld = require('tldjs'),
-    _ = require('./underscore.js');
-
 const DOMAINS_FIELDS = [ 'domain', 'zoneName', 'provider', 'configJson', 'tlsConfigJson', 'wellKnownJson', 'fallbackCertificateJson' ].join(',');
 
 function postProcess(data) {
@@ -51,35 +73,20 @@ function postProcess(data) {
     return data;
 }
 
+const DNS_PROVIDERS = {
+    bunny: dnsBunny, cloudflare: dnsCloudflare, desec: dnsDesec, dnsimple: dnsDnsimple,
+    route53: dnsRoute53, gcdns: dnsGcdns, digitalocean: dnsDigitalocean, gandi: dnsGandi,
+    godaddy: dnsGodaddy, hetzner: dnsHetzner, hetznercloud: dnsHetznercloud, inwx: dnsInwx,
+    linode: dnsLinode, vultr: dnsVultr, namecom: dnsNamecom, namecheap: dnsNamecheap,
+    netcup: dnsNetcup, noop: dnsNoop, ovh: dnsOvh, manual: dnsManual,
+    porkbun: dnsPorkbun, wildcard: dnsWildcard
+};
+
 // choose which subdomain backend we use for test purpose we use route53
 function api(provider) {
     assert.strictEqual(typeof provider, 'string');
 
-    switch (provider) {
-    case 'bunny': return require('./dns/bunny.js');
-    case 'cloudflare': return require('./dns/cloudflare.js');
-    case 'desec': return require('./dns/desec.js');
-    case 'dnsimple': return require('./dns/dnsimple.js');
-    case 'route53': return require('./dns/route53.js');
-    case 'gcdns': return require('./dns/gcdns.js');
-    case 'digitalocean': return require('./dns/digitalocean.js');
-    case 'gandi': return require('./dns/gandi.js');
-    case 'godaddy': return require('./dns/godaddy.js');
-    case 'hetzner': return require('./dns/hetzner.js');
-    case 'hetznercloud': return require('./dns/hetznercloud.js');
-    case 'inwx': return require('./dns/inwx.js');
-    case 'linode': return require('./dns/linode.js');
-    case 'vultr': return require('./dns/vultr.js');
-    case 'namecom': return require('./dns/namecom.js');
-    case 'namecheap': return require('./dns/namecheap.js');
-    case 'netcup': return require('./dns/netcup.js');
-    case 'noop': return require('./dns/noop.js');
-    case 'ovh': return require('./dns/ovh.js');
-    case 'manual': return require('./dns/manual.js');
-    case 'porkbun': return require('./dns/porkbun.js');
-    case 'wildcard': return require('./dns/wildcard.js');
-    default: return null;
-    }
+    return DNS_PROVIDERS[provider] || null;
 }
 
 async function verifyDomainConfig(domainConfig, domain, zoneName, provider) {