feat: Refactor rides app with unique constraints, mixins, and enhanced documentation

- Added migration to convert unique_together constraints to UniqueConstraint for RideModel.
- Introduced RideFormMixin for handling entity suggestions in ride forms.
- Created comprehensive code standards documentation outlining formatting, docstring requirements, complexity guidelines, and testing requirements.
- Established error handling guidelines with a structured exception hierarchy and best practices for API and view error handling.
- Documented view pattern guidelines, emphasizing the use of CBVs, FBVs, and ViewSets with examples.
- Implemented a benchmarking script for query performance analysis and optimization.
- Developed security documentation detailing measures, configurations, and a security checklist.
- Compiled a database optimization guide covering indexing strategies, query optimization patterns, and computed fields.

backend/static/js/main.js

@@ -1,3 +1,69 @@
+/**
+ * ThrillWiki Main JavaScript
+ *
+ * This file contains core functionality including:
+ * - CSRF token handling for HTMX and AJAX requests
+ * - Theme management
+ * - Mobile menu functionality
+ * - Flash message handling
+ * - Tooltip initialization
+ */
+
+// =============================================================================
+// CSRF Token Handling
+// =============================================================================
+
+/**
+ * Get CSRF token from cookies.
+ * Django sets the CSRF token in a cookie named 'csrftoken'.
+ *
+ * @returns {string|null} The CSRF token or null if not found
+ */
+function getCookie(name) {
+    let cookieValue = null;
+    if (document.cookie && document.cookie !== '') {
+        const cookies = document.cookie.split(';');
+        for (let i = 0; i < cookies.length; i++) {
+            const cookie = cookies[i].trim();
+            if (cookie.substring(0, name.length + 1) === (name + '=')) {
+                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                break;
+            }
+        }
+    }
+    return cookieValue;
+}
+
+/**
+ * Configure HTMX to include CSRF token in all requests.
+ * This handler runs before every HTMX request and adds the X-CSRFToken header.
+ */
+document.body.addEventListener('htmx:configRequest', (event) => {
+    // Only add CSRF token for state-changing methods
+    const method = event.detail.verb.toUpperCase();
+    if (['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {
+        // Try to get token from cookie first
+        const csrfToken = getCookie('csrftoken');
+        if (csrfToken) {
+            event.detail.headers['X-CSRFToken'] = csrfToken;
+        } else {
+            // Fallback: try to get from meta tag or hidden input
+            const metaToken = document.querySelector('meta[name="csrf-token"]');
+            const inputToken = document.querySelector('input[name="csrfmiddlewaretoken"]');
+
+            if (metaToken) {
+                event.detail.headers['X-CSRFToken'] = metaToken.getAttribute('content');
+            } else if (inputToken) {
+                event.detail.headers['X-CSRFToken'] = inputToken.value;
+            }
+        }
+    }
+});
+
+// =============================================================================
+// Theme Handling
+// =============================================================================
+
 // Theme handling
 document.addEventListener('DOMContentLoaded', () => {
     const themeToggle = document.getElementById('theme-toggle');