v0.2.0: Fix List Jobs bug, TLS 1.3 enforcement, client_disconnect_timeout, RwLock contention

Bug fixes:
- Fix List Jobs connection reset: Add client_disconnect_timeout (5s) to prevent TLS write truncation
- Enforce TLS 1.3 only: Add with_protocol_versions(&[&TLS13]) to rustls ServerConfig
- Fix RwLock contention: Release read lock before sorting in list_jobs()
- Fix systemd service: Remove ProtectSystem=strict (blocks package management)
- Fix systemd service: Change Type=notify to Type=simple (fixes restart hangs)
- Fix systemd service: Add DEBIAN_FRONTEND=noninteractive
- Fix systemd service: Add ReadWritePaths for apt/dpkg paths

CI/CD:
- Add Ubuntu 22.04 build job to CI workflow

E2E Testing:
- Add comprehensive E2E test suite (test_e2e.py)
- Tests cover health, packages, patches, jobs, security, and reboot endpoints

Other:
- Bump version to 0.2.0
- Add lessons learned documentation

src/auth/mtls.rs

@@ -12,6 +12,7 @@ use chrono::{DateTime, Duration, Utc};
 use futures_util::future::LocalBoxFuture;
 use rustls::{
     server::{ServerConfig, WebPkiClientVerifier},
+    version::TLS13,
     RootCertStore,
 };
 use rustls_pemfile::{certs, private_key};
@@ -79,6 +80,8 @@ impl MtlsMiddleware {
         let server_key = load_private_key(&self.config.server_key_path)?;
 
         let config = ServerConfig::builder()
+            .with_protocol_versions(&[&TLS13])
+                .map_err(|e| MtlsError::ServerConfigError(format!("Failed to set TLS 1.3 only: {}", e)))?
             .with_client_cert_verifier(client_verifier)
             .with_single_cert(server_cert, server_key)
             .map_err(|e| MtlsError::ServerConfigError(e.to_string()))?;