allow setting custom settings

[firefart]

This allows for custom MISP settings at startup. Mounting a json file is way easier than putting a escaped json in the .env file

[Copilot]

Pull request overview

This PR adds a mechanism to apply operator-provided MISP settings from a JSON file during container startup, enabling configuration beyond the existing env-var-driven and safe-default settings system.

Changes:

• Added MISP_SETTINGS_FILE support and an optional settings.json bind mount to apply arbitrary MISP settings on boot.
• Documented the new startup-settings workflow in the README and surfaced the new env var in template.env.
• Ignored settings.json in git to avoid accidental commits.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
template.env	Documents the new MISP_SETTINGS_FILE env var (commented).
README.md	Adds instructions and an example for providing startup settings via settings.json.
docker-compose.yml	Adds an optional settings.json volume mount and passes MISP_SETTINGS_FILE into misp-core.
core/files/configure_misp.sh	Implements applying settings from JSON via cake Admin setSetting at startup.
.gitignore	Adds settings.json to ignore list.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ostefano]

@firefart thank you for this, but I would want to spend a bit more time on it, and have @UFOSmuggler collaborate as well. We would also need a tool to convert existing configurations

[firefart]

The file is empty to begin with, so existing installations are not affected. If people want to migrate existing configurations to this setup they simply need to put in their settings line by line, other settings are untouched. So I guess we need no tool to convert existing configurations, or is there already something else in place to set custom configuration settings that needs to be migrated?

[ostefano]

There are some catches. Some settings requires the force flag when set via the setSetting command, and there are sets of settings that need to be added first (because they rely on others) so it's not super easy sailing. That's why I would like @UFOSmuggler to give it a look first.

[ostefano]

Alternatively if you feel taking up the challenge see how the existing settings are grouped together (optional, minimum, etc), and try to replicate it. Maybe we can leave the JSON as-is and pass it to each section for "additiona" non-env var specified settings?