Fix lock path resolution, i18n gaps, and entrypoint symlink safety

[Copilot]

_settings_file_lock computed its lock-file path at import time, causing test monkeypatches of SETTINGS_FILE to be silently ignored (lock pointed at the repo's config/ instead of tmp_path). Several user-scanner UI strings were also hardcoded in English, and the entrypoint's recursive chown could follow symlinks placed by the unprivileged app user.

Lock path resolved at acquire-time (settings.py)

_InterProcessSettingsFileLock now accepts a callable factory evaluated on each acquire() call. The module-level lock uses _settings_lock_file_factory() which reads SETTINGS_FILE via normal LOAD_GLOBAL, so any monkeypatch of simple_org_chart.settings.SETTINGS_FILE takes effect:

# Before: path baked in at import time
_settings_lock_file = os.path.join(os.fspath(SETTINGS_FILE.parent), ...)
_settings_file_lock = _InterProcessSettingsFileLock(_settings_lock_file)

# After: path resolved at acquire-time
def _settings_lock_file_factory() -> str:
    return os.path.join(os.fspath(SETTINGS_FILE.parent), f"{SETTINGS_FILE.name}.lock")

_settings_file_lock = _InterProcessSettingsFileLock(_settings_lock_file_factory)

Test fixture alignment (tests/test_email_schedule.py)

TestSavePreservesLastSent tests now patch both email_config.SETTINGS_FILE and settings.SETTINGS_FILE to the same tmp_path file, co-locating the lock file with the file under test.

i18n for user-scanner UI (static/configure.js + en-US.json)

All hardcoded strings in the user-scanner status/update flow replaced with resolveTranslation() calls. New keys added under configure.userScanner.status.* and configure.userScanner.update.*:

• installedPrefix, repoLink, unknownVersion
• checking, availablePrefix, availableArrow, upToDatePrefix/Suffix, unknownVersion, checkFailed, updating, updatedPrefix, failed, failedPrefix

Entrypoint symlink hardening (deploy/entrypoint.sh)

# Before
chown -R app:app "$dir"
# After
chown -R --no-dereference app:app "$dir"

Prevents the entrypoint (running as root) from following symlinks an attacker-controlled app user could plant in bind-mounted directories before the privilege drop.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR fixes a settings lock-file path bug that broke test monkeypatching, fills i18n gaps in the user-scanner UI, and hardens the container entrypoint against symlink-based privilege escalation.

Changes:

• Resolve the settings lock-file path at lock-acquire time (instead of import time) to respect monkeypatched SETTINGS_FILE.
• Update email schedule tests to patch both email_config.SETTINGS_FILE and settings.SETTINGS_FILE.
• Replace hardcoded user-scanner status/update strings with i18n lookups and add new locale keys; harden entrypoint chown to not dereference symlinks.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
simple_org_chart/settings.py	Makes the inter-process lock accept a path factory so lock paths follow SETTINGS_FILE rebinding.
tests/test_email_schedule.py	Aligns test monkeypatching so the lock and settings file live together under tmp_path.
static/configure.js	Migrates user-scanner status/update UI strings to i18n lookups.
static/locales/en-US.json	Adds new translation keys for the user-scanner status/update flow.
deploy/entrypoint.sh	Prevents recursive chown from following symlinks (root context).

[Copilot]

The update status text is assembled by concatenating multiple translation keys (prefix/arrow/suffix) plus version values. This makes localization awkward for languages that need different word order or punctuation. Consider switching to a single i18n key with placeholders (e.g., "Update available: v{current} → v{latest}" / "Up to date (v{version})") and update getTranslation/resolveTranslation to pass params through to window.i18n.t(key, params) (supported by static/i18n.js).

[Copilot]

These new translation keys split single messages into multiple fragments (prefix/arrow/suffix) to support string concatenation in JS. That pattern is hard to localize because translators can’t reorder the placeholders. Prefer a single message per status with {} placeholders (supported by window.i18n.t(key, params) in static/i18n.js) so other locales can translate naturally.

Suggested change

	"installedPrefix": "Installed — v",
	"repoLink": "GitHub repo ↗",
	"unknownVersion": "unknown"
	},
	"update": {
	"checking": "Checking…",
	"availablePrefix": "Update available: v",
	"availableArrow": " → v",
	"upToDatePrefix": "Up to date (v",
	"upToDateSuffix": ")",
	"unknownVersion": "unknown",
	"checkFailed": "Failed to check for updates.",
	"updating": "Updating…",
	"updatedPrefix": "Updated to v",
	"failed": "Update failed.",
	"failedPrefix": "Update failed: "
	"installed": "Installed — v{version}",
	"repoLink": "GitHub repo ↗",
	"unknownVersion": "unknown"
	},
	"update": {
	"checking": "Checking…",
	"available": "Update available: v{currentVersion} → v{latestVersion}",
	"upToDate": "Up to date (v{version})",
	"unknownVersion": "unknown",
	"checkFailed": "Failed to check for updates.",
	"updating": "Updating…",
	"updated": "Updated to v{version}",
	"failed": "Update failed.",
	"failedWithReason": "Update failed: {reason}"