feat(lab1): juice shop deploy and triage report

[eraegar]

Goal

Add the Lab 1 submission report for OWASP Juice Shop deployment and create a reusable PR template for future course submissions.

Changes

• Added submissions/lab1.md with the triage report, deployment details, health checks, browser observations, security header review, and OWASP Top 10:2025 risk mapping
• Added .github/PULL_REQUEST_TEMPLATE.md for future course PRs
• Added .github/workflows/lab1-smoke.yml for the Lab 1 bonus CI smoke test

Testing

Commands used:

docker ps --filter name=juice-shop --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'
curl -s -o /dev/null -w "HTTP %{http_code}\n" http://127.0.0.1:3000
curl -s http://127.0.0.1:3000/api/Products | jq '.data | length'
curl -s http://127.0.0.1:3000/rest/admin/application-version | jq
curl -I http://127.0.0.1:3000 2>&1 | head -20

Observed results:

• Juice Shop container was running on 127.0.0.1:3000
• Homepage returned HTTP 200
• /api/Products returned 46 products
• /rest/admin/application-version returned version 20.0.0
• Response headers showed missing Content-Security-Policy and Strict-Transport-Security

Artifacts & Screenshots

• Submission file: submissions/lab1.md
• PR template: .github/PULL_REQUEST_TEMPLATE.md
• Bonus workflow: .github/workflows/lab1-smoke.yml
• Screenshots attached in this PR:
  • Juice Shop landing page
  • Login/Registration view

- DevTools Network tab - DevTools Application/Storage view with token redacted - PR template auto-fill evidence:

• Title is clear (feat(lab1): <topic> style)
• No secrets/large temp files committed
• Submission file at submissions/lab1.md exists