Consolidate duplicate functions, bump to v1.0.1

- Remove duplicate log/error_exit/warning/success/info from hops and
  uninstall; remove validate_password, generate_secure_password,
  create_docker_networks, validate_timezone from install. Single
  canonical copies now live in lib/common.sh, lib/security.sh,
  lib/validation.sh, and lib/docker.sh (A5, Q1)
- Fix lib/docker.sh, lib/validation.sh, lib/security.sh to use LIB_DIR
  instead of SCRIPT_DIR so sourcing them inside a function does not
  clobber the caller's SCRIPT_DIR
- Move SCRIPT_VERSION to lib/common.sh as the single source of truth;
  remove local declarations from hops, install, and uninstall
- uninstall now sources lib/common.sh directly for standalone safety
- validate_timezone updated to warn-and-default instead of error_exit
- validate_password updated to handle empty input (return 3)
- Update CHANGELOG and TODO to reflect resolved items (B1-B6, A1, A3,
  A5, Q1) and bump version to 1.0.1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

TODO.md

@@ -160,12 +160,16 @@ Generated by codebase audit (2026-06-10). Ranked by severity.
 - Fix passphrase-on-command-line exposure (S1, S2).
 - Wire encrypt/decrypt calls into `install` flow.
 
-### A5 -- `hops` duplicates functions from `lib/common.sh` [HIGH] -- DO FIRST
+### A5 -- `hops` duplicates functions from `lib/common.sh` [HIGH] -- RESOLVED
 - `log`, `error_exit`, `warning`, `success`, `info`, `validate_timezone`,
-  `validate_password`, `generate_secure_password`, `create_docker_networks`,
-  `get_service_port/image` are all defined twice (or three times).
-- Fix: source `lib/common.sh` from `hops` and remove local duplicates.
-- Must be done before bug fixes to avoid patching the same logic in multiple places.
+  `validate_password`, `generate_secure_password`, `create_docker_networks`
+  removed from `hops`, `uninstall`, and `install`. Canonical copies kept in
+  `lib/common.sh`, `lib/security.sh`, `lib/validation.sh`, `lib/docker.sh`.
+- Fixed `lib/docker.sh`, `lib/validation.sh`, `lib/security.sh` to use `LIB_DIR`
+  instead of `SCRIPT_DIR` so sourcing them inside a function doesn't clobber
+  the caller's `SCRIPT_DIR`.
+- `validate_timezone` updated to warn-and-default instead of error_exit.
+- `validate_password` updated to handle empty input (return 3).
 
 ### A6 -- Caddy is unreachable via the menu [LOW]
 - `services` defines `generate_caddy` but the `select_services` menu in
@@ -236,10 +240,8 @@ Generated by codebase audit (2026-06-10). Ranked by severity.
 
 ## CODE QUALITY
 
-### Q1 -- Three separate error-handling implementations [HIGH] -- DO FIRST
-- `hops`, `uninstall`, and `lib/common.sh` each define their own `error_exit`
-  and `log` with different formats. Consolidate in `lib/common.sh`.
-- Covered by A5; tracked here for completeness.
+### Q1 -- Three separate error-handling implementations [HIGH] -- RESOLVED
+- Covered by A5; all resolved.
 
 ### Q2 -- `set -e` + intentional non-zero returns is a minefield [MED]
 - `validate_password` returns 1/2/3, `check_port` returns 1 -- these work only
@@ -262,15 +264,15 @@ Generated by codebase audit (2026-06-10). Ranked by severity.
 
 ### Cleanup first (do before any bug fixes)
 1. [DONE] Delete Path B files (A1/A3)
-2. Consolidate duplicate functions into `lib/common.sh` (A5, Q1) -- one copy to fix
+2. [DONE] Consolidate duplicate functions into `lib/common.sh` (A5, Q1)
 3. Reconcile `lib/docker.sh` service maps with `services` (A2) -- one catalog to fix
 4. Remove debug echo statements from `lib/system.sh` (Q3) -- reduce noise
 
 ### Bug fixes
-5. Fix B1 (infinite recursion in `services`) -- unblocks all Linux installs
-6. Fix B5 (`((x++))` under `set -e`) -- prevents silent aborts
-7. Fix B3 (glob directory detection) -- fixes multi-user and uninstall
-8. Fix B4 (wrong filename in firewall setup)
+5. [DONE] Fix B1 (infinite recursion in `services`)
+6. [DONE] Fix B5 (`((x++))` under `set -e`)
+7. [DONE] Fix B3 (glob directory detection)
+8. [DONE] Fix B4 (wrong filename in firewall setup)
 9. Fix B7 (intra-selection port collision detection)
 
 ### Security pass