feat(metrics): tag cryptify uploads with X-Cryptify-Source: website

[rubenhensen]

Summary

Sets X-Cryptify-Source: website on the PostGuard SDK so cryptify's per-channel upload metrics (encryption4all/cryptify#102) classify this site deterministically rather than via the Origin-host fallback.

Why

Cryptify's detect_channel checks the Origin header before falling back to User-Agent substring matching. The Outlook add-in is served from addin.*.postguard.eu, which matches cryptify's contains("postguard.") rule and shadows the User-Agent "outlook" check — so without explicit X-Cryptify-Source headers, Outlook traffic would be miscounted as website (and dev Outlook traffic as staging-website). Setting the header explicitly on each client side removes the ambiguity, and dropping reliance on Origin lets us merge staging-website into website if we ever want to.

Test plan

• Type-check clean (npx tsc --noEmit).
• In a dev preview build, upload a file, then in Cockpit Grafana Explore on the custom metrics DS run cryptify_uploads_total{channel="website"} — value should increment by 1.

[rubenhensen]

/dobby review

[dobby-coder]

This agent sees the request, sir! Reviewing the PR now — though this agent notes it appears already merged, so will post findings as a post-merge review.

[dobby-coder]

Review (post-merge)

The PR was already merged by the time this agent picked up the request, but here is the verdict for the record.

Verdict: LGTM ✅

The diff is exactly what the description promises: one headers: { 'X-Cryptify-Source': 'website' } entry on the shared PostGuard client in src/lib/postguard.ts. The inline comment captures the why (Origin-header collision with the Outlook add-in on *.postguard.eu).

What this agent checked

• Diff matches the PR description; no other files touched.
• All CI green at merge time (Build amd64/arm64, Lint, Svelte Check, Conventional Commit).
• pg is the single shared client instance, so every cryptify upload path (SendButton.svelte and any future caller) inherits the header — no per-call sprinkling needed.
• Placement before the conditional uploadChunkSize spread is fine; key ordering is irrelevant here and the explicit literal is easy to grep for.

Nits (non-blocking, only if you ever touch this again)

• The header value 'website' is a free-form magic string shared with cryptify's detect_channel. If the set of channels grows, exporting it as a constant from a shared pg-js/cryptify type would prevent drift. Not worth a follow-up for one literal.
• Unchecked test-plan box: the "Cockpit Grafana cryptify_uploads_total{channel="website"} increments by 1" verification still needs doing on the live deploy. Worth running through once after the next release cuts.