Add autostart functionality and power management for Raspberry Pi

- Enhanced install.sh with comprehensive autostart workflow:
  * XDG autostart entry (desktop environment)
  * systemd user service (most reliable)
  * LXDE autostart support (Raspberry Pi OS)
  * Cron fallback (@reboot)
  * Terminal mode enabled for debugging

- Added Raspberry Pi power management features:
  * Disable HDMI screen blanking
  * Prevent CPU power saving (performance mode)
  * Disable system sleep/suspend
  * X11 screensaver disabled
  * Display power management (DPMS) disabled

- Fixed sudo compatibility:
  * Properly detects actual user when run with sudo
  * Correct file ownership for user configs
  * systemctl --user works correctly

- Player launches in terminal for error visibility
- Autostart configured to use start.sh (watchdog with auto-restart)

src/player_auth.py

@@ -2,12 +2,14 @@
 Player Authentication Module for Kiwy-Signage
 Handles secure authentication with DigiServer v2
 Uses: hostname → password/quickconnect → get auth_code → use auth_code for API calls
+Now with HTTPS support and SSL certificate management
 """
 import os
 import json
 import requests
 import logging
 from typing import Optional, Dict, Tuple
+from ssl_utils import SSLManager, setup_ssl_for_requests
 
 # Set up logging
 logger = logging.getLogger(__name__)
@@ -16,13 +18,19 @@ logger = logging.getLogger(__name__)
 class PlayerAuth:
     """Handle player authentication with DigiServer v2."""
     
-    def __init__(self, config_file: str = 'player_auth.json'):
+    def __init__(self, config_file: str = 'player_auth.json', 
+                 use_https: bool = True, verify_ssl: bool = True):
         """Initialize player authentication.
         
         Args:
             config_file: Path to authentication config file
+            use_https: Whether to use HTTPS for connections
+            verify_ssl: Whether to verify SSL certificates
         """
         self.config_file = config_file
+        self.use_https = use_https
+        self.verify_ssl = verify_ssl
+        self.ssl_manager = SSLManager(verify_ssl=verify_ssl)
         self.auth_data = self._load_auth_data()
     
     def _load_auth_data(self) -> Dict:
@@ -65,7 +73,7 @@ class PlayerAuth:
         """Authenticate with DigiServer v2.
         
         Args:
-            server_url: Server URL (e.g., 'http://server:5000')
+            server_url: Server URL (e.g., 'http://server:5000' or 'https://server')
             hostname: Player hostname/identifier
             password: Player password (optional if using quickconnect)
             quickconnect_code: Quick connect code (optional if using password)
@@ -77,6 +85,20 @@ class PlayerAuth:
         if not password and not quickconnect_code:
             return False, "Password or quick connect code required"
         
+        # Normalize server URL to HTTPS if needed
+        if self.use_https:
+            server_url = self.ssl_manager.validate_url_scheme(server_url)
+            
+            # Try to download certificate if not present
+            if not self.ssl_manager.has_certificate():
+                logger.info("Downloading server certificate for HTTPS verification...")
+                success, error = self.ssl_manager.download_server_certificate(server_url, timeout=timeout)
+                if not success:
+                    logger.warning(f"⚠️ Certificate download failed: {error}")
+                    if self.verify_ssl:
+                        return False, error
+                    # Continue with unverified connection for testing
+        
         # Prepare authentication request
         auth_url = f"{server_url}/api/auth/player"
         payload = {
@@ -87,7 +109,10 @@ class PlayerAuth:
         
         try:
             logger.info(f"Authenticating with server: {auth_url}")
-            response = requests.post(auth_url, json=payload, timeout=timeout)
+            
+            # Use SSL-configured session
+            session = self.ssl_manager.get_session()
+            response = session.post(auth_url, json=payload, timeout=timeout)
             
             if response.status_code == 200:
                 data = response.json()
@@ -119,8 +144,16 @@ class PlayerAuth:
                 logger.error(error_msg)
                 return False, error_msg
         
-        except requests.exceptions.ConnectionError:
-            error_msg = "Cannot connect to server"
+        except requests.exceptions.SSLError as e:
+            error_msg = f"SSL Certificate Error: {e}"
+            logger.error(error_msg)
+            if self.verify_ssl:
+                logger.error("  This usually means the server certificate is not trusted.")
+                logger.error("  Try downloading the server certificate or disabling SSL verification.")
+            return False, error_msg
+        
+        except requests.exceptions.ConnectionError as e:
+            error_msg = f"Connection Error: {e}"
             logger.error(error_msg)
             return False, error_msg
         
@@ -154,7 +187,9 @@ class PlayerAuth:
         payload = {'auth_code': self.auth_data.get('auth_code')}
         
         try:
-            response = requests.post(verify_url, json=payload, timeout=timeout)
+            # Use SSL-configured session
+            session = self.ssl_manager.get_session()
+            response = session.post(verify_url, json=payload, timeout=timeout)
             
             if response.status_code == 200:
                 data = response.json()
@@ -165,6 +200,10 @@ class PlayerAuth:
             logger.warning("❌ Auth code invalid or expired")
             return False, None
         
+        except requests.exceptions.SSLError as e:
+            logger.error(f"SSL Error during verification: {e}")
+            return False, None
+        
         except Exception as e:
             logger.error(f"Failed to verify auth: {e}")
             return False, None
@@ -195,7 +234,9 @@ class PlayerAuth:
         
         try:
             logger.info(f"Fetching playlist from: {playlist_url}")
-            response = requests.get(playlist_url, headers=headers, timeout=timeout)
+            # Use SSL-configured session
+            session = self.ssl_manager.get_session()
+            response = session.get(playlist_url, headers=headers, timeout=timeout)
             
             if response.status_code == 200:
                 data = response.json()
@@ -211,6 +252,10 @@ class PlayerAuth:
                 logger.error(f"Failed to get playlist: {response.status_code}")
                 return None
         
+        except requests.exceptions.SSLError as e:
+            logger.error(f"SSL Error fetching playlist: {e}")
+            return None
+        
         except Exception as e:
             logger.error(f"Error fetching playlist: {e}")
             return None
@@ -240,10 +285,16 @@ class PlayerAuth:
         payload = {'status': status}
         
         try:
-            response = requests.post(heartbeat_url, headers=headers, 
+            # Use SSL-configured session
+            session = self.ssl_manager.get_session()
+            response = session.post(heartbeat_url, headers=headers, 
                                    json=payload, timeout=timeout)
             return response.status_code == 200
         
+        except requests.exceptions.SSLError as e:
+            logger.debug(f"SSL Error in heartbeat: {e}")
+            return False
+        
         except Exception as e:
             logger.debug(f"Heartbeat failed: {e}")
             return False
@@ -284,10 +335,16 @@ class PlayerAuth:
         }
         
         try:
-            response = requests.post(feedback_url, headers=headers, 
+            # Use SSL-configured session
+            session = self.ssl_manager.get_session()
+            response = session.post(feedback_url, headers=headers, 
                                    json=payload, timeout=timeout)
             return response.status_code == 200
         
+        except requests.exceptions.SSLError as e:
+            logger.debug(f"SSL Error sending feedback: {e}")
+            return False
+        
         except Exception as e:
             logger.debug(f"Feedback failed: {e}")
             return False