chore: add Netlify deployment configuration

- netlify.toml: Configure cargo build --release and run compiler.
  Publish directory set to public/.

- static/_headers: Add security headers (X-Frame-Options, CSP, etc.)
  and cache control for static assets (1 year for css/images,
  1 hour for HTML, 1 hour for feed).

netlify.toml

@@ -0,0 +1,13 @@
+# Netlify build configuration for nrd.sh
+
+[build]
+  command = "cargo build --release && ./target/release/nrd-sh"
+  publish = "public"
+
+[build.environment]
+  RUST_VERSION = "1.84"
+
+# Redirect clean URLs (optional, for server-side routing)
+# Not needed since we use .html extensions
+
+# Headers are configured in static/_headers

static/_headers

@@ -0,0 +1,25 @@
+# Netlify headers for nrd.sh
+
+# Default headers for all paths
+/*
+  X-Frame-Options: DENY
+  X-Content-Type-Options: nosniff
+  Referrer-Policy: strict-origin-when-cross-origin
+
+# Cache static assets aggressively
+/*.css
+  Cache-Control: public, max-age=31536000, immutable
+
+/*.png
+  Cache-Control: public, max-age=31536000, immutable
+
+/*.gif
+  Cache-Control: public, max-age=31536000, immutable
+
+# HTML pages: short cache, revalidate
+/*.html
+  Cache-Control: public, max-age=3600, must-revalidate
+
+# Feed: moderate cache
+/feed.xml
+  Cache-Control: public, max-age=3600