Tailwind UI rebuild, legacy authorization, OS surface removals

Hand the authorization layer off to dojo-pro. OS keeps a legacy
``is_superuser`` / ``is_staff`` / ``authorized_users`` model and the
seven RBAC + Dojo_Group classes survive as ``managed=False`` shells in
``dojo/authorization/models.py`` so historical pro migrations
(``pro.0001_plugiun_consolidation`` ``EnhancedDojoGroup.group``,
``pro.0034_pghistory_for_permissions_models`` proxy bases) keep
resolving when Django reloads project state. OS code makes no
runtime references to Pro.

Single ``dojo.0268_release_authorization_to_pro`` migration folds:
- Re-introduces ``authorized_users`` M2M on Product / Product_Type and
  backfills it from the RBAC tables (Member / Group → flat membership;
  Global_Role(Owner|Writer|Maintainer|API_Importer) → ``is_superuser`` /
  ``is_staff``).
- Drops the redundant post-RBAC ``members`` / ``authorization_groups``
  M2M accessors on Product / Product_Type (the through-tables remain).
- Flips the eight authorization shells to ``managed=False`` and pins
  their ``db_table``s.
- ``RemoveField``s ``default_group`` / ``default_group_role`` /
  ``default_group_email_pattern`` from ``dojo_system_settings`` (Pro
  copies the values onto ``EnhancedSystemSettings`` first via
  ``run_before``).

Plus the Tailwind UI rebuild and the OS surface tidying that this
branch was already carrying.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: 2 people

Dockerfile.nginx-alpine

@@ -61,6 +61,8 @@ RUN \
   yarn
 COPY manage.py ./
 COPY dojo/ ./dojo/
+# Build Tailwind CSS
+RUN cd components && yarn build:css
 # always collect static for debug toolbar as we can't make it dependant on env variables or build arguments without breaking docker layer caching
 RUN env DD_SECRET_KEY='.' DD_DJANGO_DEBUG_TOOLBAR_ENABLED=True python3 manage.py collectstatic --noinput --verbosity=2 && true
 

components/node_modules/.gitkeep

@@ -1,14 +1,18 @@
 {
   "name": "defectdojo",
   "version": "2.59.0-dev",
-  "license" : "BSD-3-Clause",
+  "license": "BSD-3-Clause",
   "private": true,
   "dependencies": {
+    "@fontsource-variable/work-sans": "^5.1",
     "JUMFlot": "jumjum123/JUMFlot#*",
+    "alpinejs": "^3.14",
     "bootstrap": "^3.4.1",
     "bootstrap-select": "^1.13.18",
     "bootstrap-social": "^4.0.0",
     "bootstrap-wysiwyg": "^2.0.0",
+    "chart.js": "^4.4",
+    "chartjs-adapter-moment": "^1.0",
     "chosen-bootstrap": "https://github.com/dbtek/chosen-bootstrap",
     "chosen-js": "^1.8.7",
     "clipboard": "^2.0.11",
@@ -18,10 +22,12 @@
     "drmonty-datatables-plugins": "^1.0.0",
     "drmonty-datatables-responsive": "^1.0.0",
     "easymde": "^2.21.0",
+    "flatpickr": "^4.6",
     "flot": "flot/flot#~0.8.3",
     "font-awesome": "^4.0.0",
     "fullcalendar": "^3.10.2",
     "google-code-prettify": "^1.0.0",
+    "htmx.org": "^2.0",
     "jquery": "^3.7.1",
     "jquery-highlight": "3.5.0",
     "jquery-ui": "1.14.2",
@@ -36,6 +42,16 @@
     "pdfmake": "^0.3.7",
     "startbootstrap-sb-admin-2": "1.0.7"
   },
+  "devDependencies": {
+    "@tailwindcss/cli": "^4.1",
+    "@tailwindcss/forms": "^0.5",
+    "tailwindcss": "^4.1"
+  },
+  "scripts": {
+    "copy:fonts": "mkdir -p ../dojo/static/dojo/css/files && cp node_modules/@fontsource-variable/work-sans/files/work-sans-*-wght-normal.woff2 ../dojo/static/dojo/css/files/",
+    "build:css": "npm run copy:fonts && npx @tailwindcss/cli -i tailwind.css -o ../dojo/static/dojo/css/tailwind-out.css --minify",
+    "watch:css": "npm run copy:fonts && npx @tailwindcss/cli -i tailwind.css -o ../dojo/static/dojo/css/tailwind-out.css --watch"
+  },
   "engines": {
     "yarn": ">= 1.0.0"
   }