feat: single entry point routing — convert to front controller pattern

- Create app/public/index.php as front controller (bootstrap + Dispatcher)
- Rewrite app/router.php for PHP dev server → all non-asset requests to index.php
- Update Dispatcher to render full page layouts (head+header+view+footer)
- Move public view templates into templates/public/ (home, search, tfe, about, repertoire)
- Delete dead direct-access public/*.php files (apropos, search, tfe, licence, repertoire)
- Add clean URL routes to Dispatcher (/search, /tfe, /repertoire, /apropos, /licence, /media)
- Remove .php extensions from all internal links (header, views, templates, URLs)
- Update OG tags in controllers to use clean URLs
- Update nginx posterg.conf → front-controller try_files pattern, block direct .php access
- Update header.php and search-bar.php form actions to clean URLs
- Switch AboutController nav key from 'nav' to 'currentNav' for consistency

nginx/posterg.conf

@@ -148,23 +148,28 @@ server {
         try_files $uri $uri/ =404;
     }
 
-    # Share-link (partage) — rewrite pretty URLs to index.php
+    # Share-link (partage) — handled by front controller
     location /partage/ {
-        try_files $uri /partage/index.php$is_args$args;
+        try_files $uri /index.php$is_args$args;
     }
 
-    # Search endpoint - rate limiting
-    location = /search.php {
-        limit_req zone=search burst=10 nodelay;
-        include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
+    # /media — served by front controller (MediaController validates + streams)
+    location = /media {
+        try_files $uri /index.php$is_args$args;
     }
 
-    # PHP files handler (public pages)
-    location ~ \.php$ {
-        # Rate limiting for general PHP requests
-        limit_req zone=general burst=20 nodelay;
+    # /live-reload — served by front controller
+    location = /live-reload {
+        try_files $uri /index.php$is_args$args;
+    }
 
+    # Maintenance page
+    location = /maintenance {
+        try_files $uri /index.php$is_args$args;
+    }
+
+    # Front controller — all PHP requests routed through index.php
+    location = /index.php {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
 
@@ -176,6 +181,16 @@ server {
         fastcgi_send_timeout 120;
     }
 
+    # All other clean URLs — fall through to front controller
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    # Block all other direct PHP access (security)
+    location ~ \.php$ {
+        deny all;
+    }
+
     # Static files caching
     location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|otf)$ {
         expires 30d;
@@ -190,18 +205,13 @@ server {
         add_header Content-Disposition "inline";
     }
 
-    # Silence favicon.ico 404s — browsers that ignore <link rel="icon"> still request this
+    # Silence favicon.ico 404s
     location = /favicon.ico {
         return 204;
         access_log off;
         log_not_found off;
     }
 
-    # Root location - try files or 404
-    location / {
-        try_files $uri $uri/ =404;
-    }
-
     # Deny access to .htaccess files
     location ~ /\.ht {
         deny all;