feat: implement flexible editor gate system

- Replace automatic auth controls with developer-placed .insertr-gate elements
- Add OAuth-ready authentication flow with mock implementation
- Support any HTML element as gate with custom styling
- Implement proper gate restoration after authentication
- Move auth controls to bottom-right corner for better UX
- Add editor gates to demo pages (footer link and styled button)
- Maintain gates visible by default with hideGatesAfterAuth option
- Prevent duplicate authentication attempts with loading states

This enables small business owners to access editor via discrete
footer links or custom-styled elements placed anywhere by developers.

insertr-cli/pkg/content/injector.go

@@ -2,6 +2,7 @@ package content
 
 import (
 	"fmt"
+	"strings"
 
 	"golang.org/x/net/html"
 )
@@ -145,21 +146,19 @@ func (i *Injector) InjectEditorAssets(doc *html.Node, isDevelopment bool, librar
 	}
 
 	// Add inline script with embedded library
-	script := &html.Node{
-		Type: html.ElementNode,
-		Data: "script",
-		Attr: []html.Attribute{
-			{Key: "type", Val: "text/javascript"},
-		},
-	}
+	// Note: Using html.TextNode for scripts can cause issues with HTML entity encoding
+	// Instead, we'll insert the script tag as raw HTML
+	scriptHTML := fmt.Sprintf(`<script type="text/javascript">
+%s
+</script>`, libraryScript)
 
-	// Add the library content as text node
-	textNode := &html.Node{
-		Type: html.TextNode,
-		Data: libraryScript,
+	// Parse the script HTML and append to head
+	scriptNodes, err := html.ParseFragment(strings.NewReader(scriptHTML), head)
+	if err == nil && len(scriptNodes) > 0 {
+		for _, node := range scriptNodes {
+			head.AppendChild(node)
+		}
 	}
-	script.AppendChild(textNode)
-	head.AppendChild(script)
 }
 
 // findHeadElement finds the <head> element in the document