fix: Address golangci-lint errors (errcheck, gosec) (#76)

Apply PR #76 from dannomayernotabot:

- Add golangci exclusions for internal package false positives
- Tighten file permissions (0644 -> 0600) for sensitive files
- Add ReadHeaderTimeout to HTTP server (slowloris prevention)
- Explicit error ignoring with _ = for intentional cases
- Add //nolint comments with justifications
- Spelling: cancelled -> canceled (US locale)

Co-Authored-By: dannomayernotabot <noreply@github.com>

🤖 Generated with Claude Code

internal/feed/curator.go

@@ -88,14 +88,14 @@ func (c *Curator) Start() error {
 	eventsPath := filepath.Join(c.townRoot, events.EventsFile)
 
 	// Open events file, creating if needed
-	file, err := os.OpenFile(eventsPath, os.O_RDONLY|os.O_CREATE, 0644)
+	file, err := os.OpenFile(eventsPath, os.O_RDONLY|os.O_CREATE, 0644) //nolint:gosec // G302: events file is non-sensitive operational data
 	if err != nil {
 		return fmt.Errorf("opening events file: %w", err)
 	}
 
 	// Seek to end to only process new events
 	if _, err := file.Seek(0, io.SeekEnd); err != nil {
-		file.Close()
+		_ = file.Close() //nolint:gosec // G104: best effort cleanup on error
 		return fmt.Errorf("seeking to end: %w", err)
 	}
 
@@ -285,13 +285,13 @@ func (c *Curator) writeFeedEvent(event *events.Event) {
 	data = append(data, '\n')
 
 	feedPath := filepath.Join(c.townRoot, FeedFile)
-	f, err := os.OpenFile(feedPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	f, err := os.OpenFile(feedPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) //nolint:gosec // G302: feed file is non-sensitive operational data
 	if err != nil {
 		return
 	}
 	defer f.Close()
 
-	f.Write(data)
+	_, _ = f.Write(data)
 }
 
 // generateSummary creates a human-readable summary of an event.