Migrate codebase from CommonJS to ES Modules

- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
  (dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
  declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
  loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing

Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens

Co-authored-by: Cursor <cursoragent@cursor.com>

src/settings.js

@@ -1,53 +1,77 @@
-'use strict';
+import assert from 'node:assert';
+import * as database from './database.js';
+import safe from 'safetydance';
 
-exports = module.exports = {
+const APPSTORE_API_TOKEN_KEY = 'appstore_api_token';
+const API_SERVER_ORIGIN_KEY = 'api_server_origin';
+const AUTOUPDATE_PATTERN_KEY = 'autoupdate_pattern';
+const CLOUDRON_AVATAR_KEY = 'cloudron_avatar';
+const CLOUDRON_BACKGROUND_KEY = 'cloudron_background';
+const CLOUDRON_ID_KEY = 'cloudron_id';
+const CLOUDRON_NAME_KEY = 'cloudron_name';
+const CONSOLE_SERVER_ORIGIN_KEY = 'console_server_origin';
+const DASHBOARD_DOMAIN_KEY = 'dashboard_domain';
+const DASHBOARD_SUBDOMAIN_KEY = 'dashboard_subdomain';
+const DIRECTORY_SERVER_KEY = 'directory_server_config';
+const DYNAMIC_DNS_KEY = 'dynamic_dns';
+const EXTERNAL_LDAP_KEY = 'external_ldap_config';
+const FOOTER_KEY = 'footer';
+const FIREWALL_BLOCKLIST_KEY = 'firewall_blocklist';
+const GHOSTS_CONFIG_KEY = 'ghosts_config';
+const IPV4_CONFIG_KEY = 'ipv4_config';
+const IPV6_CONFIG_KEY = 'ipv6_config';
+const LANGUAGE_KEY = 'language';
+const MAIL_DOMAIN_KEY = 'mail_domain';
+const MAIL_SUBDOMAIN_KEY = 'mail_subdomain';
+const OIDC_COOKIE_SECRET_KEY = 'cookie_secret';
+const PROFILE_CONFIG_KEY = 'profile_config';
+const REVERSE_PROXY_CONFIG_KEY = 'reverseproxy_config';
+const SERVICES_CONFIG_KEY = 'services_config';
+const TIME_ZONE_KEY = 'time_zone';
+const TRUSTED_IPS_KEY = 'trusted_ips_key';
+const WEB_SERVER_ORIGIN_KEY = 'web_server_origin';
+const _clear = clear;
+const _set = set;
+
+export {
     get,
     set,
-
     getJson,
     setJson,
-
     getBlob,
     setBlob,
-
-    APPSTORE_API_TOKEN_KEY: 'appstore_api_token',
-    API_SERVER_ORIGIN_KEY: 'api_server_origin',
-    AUTOUPDATE_PATTERN_KEY: 'autoupdate_pattern',
-    CLOUDRON_AVATAR_KEY: 'cloudron_avatar',
-    CLOUDRON_BACKGROUND_KEY: 'cloudron_background',
-    CLOUDRON_ID_KEY: 'cloudron_id',
-    CLOUDRON_NAME_KEY: 'cloudron_name',
-    CONSOLE_SERVER_ORIGIN_KEY: 'console_server_origin',
-    DASHBOARD_DOMAIN_KEY: 'dashboard_domain',
-    DASHBOARD_SUBDOMAIN_KEY: 'dashboard_subdomain',
-    DIRECTORY_SERVER_KEY: 'directory_server_config',
-    DYNAMIC_DNS_KEY: 'dynamic_dns',
-    EXTERNAL_LDAP_KEY: 'external_ldap_config',
-    FOOTER_KEY: 'footer',
-    FIREWALL_BLOCKLIST_KEY: 'firewall_blocklist',
-    GHOSTS_CONFIG_KEY: 'ghosts_config',
-    IPV4_CONFIG_KEY: 'ipv4_config',
-    IPV6_CONFIG_KEY: 'ipv6_config',
-    LANGUAGE_KEY: 'language',
-    MAIL_DOMAIN_KEY: 'mail_domain',
-    MAIL_SUBDOMAIN_KEY: 'mail_subdomain',
-    OIDC_COOKIE_SECRET_KEY: 'cookie_secret',
-    PROFILE_CONFIG_KEY: 'profile_config',
-    REVERSE_PROXY_CONFIG_KEY: 'reverseproxy_config',
-    SERVICES_CONFIG_KEY: 'services_config',
-    TIME_ZONE_KEY: 'time_zone',
-    TRUSTED_IPS_KEY: 'trusted_ips_key',
-    WEB_SERVER_ORIGIN_KEY: 'web_server_origin',
-
-    // testing
-    _clear: clear,
-    _set: set
+    APPSTORE_API_TOKEN_KEY,
+    API_SERVER_ORIGIN_KEY,
+    AUTOUPDATE_PATTERN_KEY,
+    CLOUDRON_AVATAR_KEY,
+    CLOUDRON_BACKGROUND_KEY,
+    CLOUDRON_ID_KEY,
+    CLOUDRON_NAME_KEY,
+    CONSOLE_SERVER_ORIGIN_KEY,
+    DASHBOARD_DOMAIN_KEY,
+    DASHBOARD_SUBDOMAIN_KEY,
+    DIRECTORY_SERVER_KEY,
+    DYNAMIC_DNS_KEY,
+    EXTERNAL_LDAP_KEY,
+    FOOTER_KEY,
+    FIREWALL_BLOCKLIST_KEY,
+    GHOSTS_CONFIG_KEY,
+    IPV4_CONFIG_KEY,
+    IPV6_CONFIG_KEY,
+    LANGUAGE_KEY,
+    MAIL_DOMAIN_KEY,
+    MAIL_SUBDOMAIN_KEY,
+    OIDC_COOKIE_SECRET_KEY,
+    PROFILE_CONFIG_KEY,
+    REVERSE_PROXY_CONFIG_KEY,
+    SERVICES_CONFIG_KEY,
+    TIME_ZONE_KEY,
+    TRUSTED_IPS_KEY,
+    WEB_SERVER_ORIGIN_KEY,
+    _clear,
+    _set,
 };
 
-const assert = require('node:assert'),
-    database = require('./database.js'),
-    safe = require('safetydance');
-
 const SETTINGS_FIELDS = [ 'name', 'value' ].join(',');
 const SETTINGS_BLOB_FIELDS = [ 'name', 'valueBlob' ].join(',');