feat(ui): migrate to Tailwind (compiled) + Flowbite JS; new navbar/layout; Docker CSS build

- Add multi-stage CSS build that compiles Tailwind into app/static/tw.css
- Add Tailwind config with dark tokens (bg/nav/card) and purge globs
- Add assets/input.css (@tailwind base/components/utilities + small utilities)
- Replace Tailwind CDN + REMOVE Flowbite CSS (keep Flowbite JS only)
- New base_tailwind.html (top navbar, responsive container, {%- block scripts -%})
- Port pages to Tailwind look/feel with wider content column:
  - index: single-column form + recent results, fullscreen spinner overlay, copy-UUID
  - result: sticky jump list, Tailwind tables/badges, Suspicious Scripts/Forms sections
  - viewer: Monaco-based code viewer in Tailwind card, actions (copy/wrap/raw)
  - ssl_tls macro: rewritten with Tailwind (details/summary for raw JSON)
- Dockerfile: add css-builder stage and copy built tw.css into /app/app/static
- Remove Flowbite stylesheet to avoid overrides; Flowbite JS loaded with defer

BREAKING CHANGE:
Legacy CSS classes/components (.card, .badge, etc.) are replaced by Tailwind utilities.
All templates now expect tw.css to be served from /static.

docs/roadmap.md

@@ -1,20 +1,21 @@
 # SneakyScope — Roadmap (Updated 8-21-25)
 
 ## Priority 1 – Core Analysis / Stability
+* why are the rules not finding anything now?
+* if cloudflare, we notate and badge it, along with a blurp that explains how cloudflare is both used for good and evil.
+* need a generalized "total score" for the site. something that is a quick 0/10 (guessing on the number), so new analyst don't have to think on the details.
 
-*(no open items currently tracked in this bucket)*
+## Priority 2 – UI / UX
+* Rules Lab (WYSIWYG tester): paste a rule, validate/compile, run against sample text; lightweight nav entry.
+* Build reusable util classes in tailwind and replace the long class strings. Classes to build: badge, badge-ok, badge-warn, badge-danger, chip, card.
 
-## Priority 2 – API Layer
+## Priority 3 – API Layer
 
 * API endpoints: `/screenshot`, `/source`, `/analyse`.
 * **OpenAPI**: add `POST /api/analyze_script` (request/response schemas, examples) to `openapi/openapi.yaml`; serve at `/api/openapi.yaml`.
 * Docs UI: Swagger UI or Redoc at `/docs`.
 * (Nice-to-have) API JSON error consistency: handlers for 400/403/404/405/500 that always return JSON.
 
-## Priority 3 – UI / UX
-
-* Rules Lab (WYSIWYG tester): paste a rule, validate/compile, run against sample text; lightweight nav entry.
-
 ## Priority 4 – Artifact Management & Ops
 
 * Retention/cleanup policy for old artifacts (age/size thresholds).
@@ -23,11 +24,11 @@
 
 ## Priority 5 – Extras / Integrations
 
-* Bulk URL analysis (batch/queue).
-* Optional: analyst verdict tags and export (CSV/JSON).
 * Domain reputation (local feeds): build and refresh a consolidated domain/URL reputation store from URLHaus database dump and OpenPhish community dataset (scheduled pulls with dedup/normalize).
 * Threat intel connectors (settings-driven): add `settings.yaml` entries for VirusTotal and ThreatFox API keys (plus future providers); when present, enrich lookups and merge results into the unified reputation checks during analysis.
 
 ## Backlog / Far-Off Plans
 
 * Server profile scan: run a lightweight nmap service/banner scan on common web/alt ports (80, 443, 8000, 8080, 8443, etc.) and SSH; combine with server headers to infer stack (e.g., IIS vs. Linux/\*nix).
+
+* IP Lookups 0 if we are successful on domain replutation / ip reputation