chore(tooling): configure static analysis, testing, and dev environment

This commit establishes the comprehensive quality assurance pipeline and
developer environment for the devkit.

- Adds configuration for PHPCS, Infection (mutation testing), and PHPBench.
- Adds recommended VSCode extensions, settings, and launch configurations.
- Adds a global .editorconfig file for consistent formatting.
- Updates Makefiles (local, qa, pipeline) to integrate the new tools.
- Updates PHPStan, PHPUnit, and PHP-CS-Fixer configurations.
- Removes the unused Rector configuration file.
- Fixes source code (UserProfile, UserId) to comply with stricter
  PHPStan static analysis rules.

Author: walmir-silva

.editorconfig

@@ -0,0 +1,37 @@
+# EditorConfig - Preserves premium comment formatting
+# https://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 4
+
+[*.php]
+indent_style = space
+indent_size = 4
+max_line_length = 120
+
+# Preserves spaces in comments (no trim)
+[*.php]
+trim_trailing_whitespace = false
+
+[*.{yml,yaml}]
+indent_size = 2
+
+[*.{json,json5}]
+indent_size = 2
+
+[*.{md,markdown}]
+trim_trailing_whitespace = false
+max_line_length = off
+
+[composer.json]
+indent_size = 4
+
+[{package.json,*.yml,*.yaml}]
+indent_size = 2

.env

@@ -0,0 +1,212 @@
+# ==============================================================================
+# KaririCode DevKit - Environment Configuration
+# ==============================================================================
+# Professional environment variables for Docker Compose
+# Copy to .env and customize: cp .env.example .env
+# ==============================================================================
+
+# ==============================================================================
+# APPLICATION
+# ==============================================================================
+APP_NAME=kariricode-devkit
+APP_ENV=development
+APP_DEBUG=true
+APP_SECRET=change-me-in-production
+APP_VERSION=dev
+SYMFONY_ENV=dev
+
+# ==============================================================================
+# DOCKER & SYSTEM
+# ==============================================================================
+# User/Group IDs (match host user for volume permissions)
+# Note: PHP container runs as root internally but processes run as www-data
+UID=1000
+GID=1000
+
+# Timezone
+TZ=UTC
+
+# Volume consistency (macOS performance)
+VOLUME_CONSISTENCY=cached
+
+# ==============================================================================
+# PORTS
+# ==============================================================================
+APP_PORT=8089
+REDIS_PORT=6379
+MEMCACHED_PORT=11211
+
+# ==============================================================================
+# PHP SERVICE (kariricode/php-api-stack)
+# ==============================================================================
+PHP_STACK_VERSION=dev
+
+# PHP Configuration
+PHP_MEMORY_LIMIT=2G
+PHP_MAX_EXECUTION_TIME=300
+PHP_UPLOAD_MAX_FILESIZE=50M
+PHP_POST_MAX_SIZE=50M
+
+# Resource Limits
+PHP_CPU_LIMIT=2.0
+PHP_CPU_RESERVATION=0.5
+PHP_MEMORY_RESERVATION=512M
+
+# OPcache
+OPCACHE_ENABLE=1
+OPCACHE_VALIDATE_TIMESTAMPS=1
+OPCACHE_REVALIDATE_FREQ=2
+
+# PHP-FPM Configuration
+PHP_FPM_PM=dynamic
+PHP_FPM_PM_MAX_CHILDREN=50
+PHP_FPM_PM_START_SERVERS=5
+PHP_FPM_PM_MIN_SPARE_SERVERS=5
+PHP_FPM_PM_MAX_SPARE_SERVERS=10
+PHP_FPM_PM_MAX_REQUESTS=500
+
+# ==============================================================================
+# XDEBUG
+# ==============================================================================
+XDEBUG_MODE=off
+XDEBUG_CLIENT_HOST=host.docker.internal
+XDEBUG_CLIENT_PORT=9003
+XDEBUG_SESSION=PHPSTORM
+
+# ==============================================================================
+# SESSION HANDLER
+# ==============================================================================
+# Session storage: files (local) or redis (distributed)
+SESSION_SAVE_HANDLER=files
+SESSION_SAVE_PATH=/tmp
+
+# ==============================================================================
+# REDIS (Internal - Inside PHP Container)
+# ==============================================================================
+# Redis runs internally at 127.0.0.1:6379 inside PHP container
+REDIS_HOST=127.0.0.1
+REDIS_PORT_INTERNAL=6379
+REDIS_PASSWORD=
+REDIS_DB=0
+REDIS_TIMEOUT=5
+REDIS_LOG_FILE=/var/log/redis.log
+
+# ==============================================================================
+# NGINX (Internal - Inside PHP Container)
+# ==============================================================================
+NGINX_WORKER_PROCESSES=auto
+NGINX_WORKER_CONNECTIONS=1024
+NGINX_CLIENT_MAX_BODY_SIZE=100M
+NGINX_KEEPALIVE_TIMEOUT=65
+
+# ==============================================================================
+# COMPOSER
+# ==============================================================================
+COMPOSER_MEMORY_LIMIT=-1
+COMPOSER_HOME=/root/.composer
+
+# ==============================================================================
+# MEMCACHED (External Service)
+# ==============================================================================
+MEMCACHED_VERSION=1.6-alpine
+MEMCACHED_MEMORY=256
+MEMCACHED_MAX_CONNECTIONS=1024
+MEMCACHED_THREADS=4
+MEMCACHED_MAX_ITEM_SIZE=5m
+
+# Resource Limits
+MEMCACHED_CPU_LIMIT=1.0
+MEMCACHED_CPU_RESERVATION=0.25
+MEMCACHED_MEMORY_TOTAL=512M
+MEMCACHED_MEMORY_RESERVATION=256M
+
+# Health Check
+MEMCACHED_HEALTHCHECK_INTERVAL=10s
+MEMCACHED_HEALTHCHECK_TIMEOUT=5s
+MEMCACHED_HEALTHCHECK_RETRIES=3
+MEMCACHED_HEALTHCHECK_START_PERIOD=10s
+
+# ==============================================================================
+# FEATURES
+# ==============================================================================
+DEMO_MODE=false
+HEALTH_CHECK_INSTALL=false
+
+# ==============================================================================
+# NETWORK
+# ==============================================================================
+ENABLE_IPV6=false
+BRIDGE_NAME=kariricode0
+NETWORK_MTU=1500
+NETWORK_SUBNET=172.20.0.0/16
+NETWORK_GATEWAY=172.20.0.1
+
+# ==============================================================================
+# LOGGING
+# ==============================================================================
+LOG_MAX_SIZE=10m
+LOG_MAX_FILE=3
+LOG_LEVEL=info
+
+# ==============================================================================
+# HEALTH CHECKS
+# ==============================================================================
+HEALTHCHECK_INTERVAL=30s
+HEALTHCHECK_TIMEOUT=10s
+HEALTHCHECK_RETRIES=3
+HEALTHCHECK_START_PERIOD=40s
+
+# ==============================================================================
+# TEMPORARY FILESYSTEM
+# ==============================================================================
+TMPFS_SIZE=100M
+
+# ==============================================================================
+# TROUBLESHOOTING
+# ==============================================================================
+# Port conflicts?
+#   - Change APP_PORT, REDIS_PORT, or MEMCACHED_PORT
+#   - Run: make diagnose-ports
+#   - Run: make fix-ports
+#
+# Performance issues on macOS?
+#   - Try VOLUME_CONSISTENCY=delegated
+#
+# Permission errors?
+#   - Note: Container runs as root, but PHP-FPM/Nginx run as www-data
+#   - Check file ownership: ls -la
+#
+# Memory issues?
+#   - Adjust PHP_MEMORY_LIMIT and resource limits
+#
+# Session/Redis errors?
+#   - Use SESSION_SAVE_HANDLER=files for development
+#   - Use SESSION_SAVE_HANDLER=redis for distributed sessions
+#
+# PHP-FPM crashes?
+#   - Check logs: make logs SERVICE=php
+#   - Verify config: docker compose config
+#
+# Run diagnostics:
+#   - make env-check          # Validate .env file
+#   - make diagnose-ports     # Check port conflicts
+#   - make docker-info        # Docker environment info
+#   - make status             # Service status
+#   - make health             # Health checks
+# ==============================================================================
+
+# ==============================================================================
+# PRODUCTION NOTES
+# ==============================================================================
+# For production deployment:
+#   1. Change APP_ENV=production
+#   2. Set APP_DEBUG=false
+#   3. Generate strong APP_SECRET: openssl rand -hex 32
+#   4. Set XDEBUG_MODE=off
+#   5. Set OPCACHE_VALIDATE_TIMESTAMPS=0
+#   6. Use SESSION_SAVE_HANDLER=redis with password
+#   7. Set proper resource limits
+#   8. Enable HTTPS/SSL termination
+#   9. Use managed Redis/Memcached services
+#   10. Implement proper backup strategy
+# ==============================================================================