Circuit breaker state resets on server restart

[fenilsonani]

Circuit breakers are entirely in-memory (`internal/resilience/circuitbreaker.go`). When the server restarts, every breaker resets to closed. If a domain's MX was broken (breaker open), the server immediately starts hammering it again with delivery attempts until it hits the failure threshold (5 failures) and re-opens.

This creates a burst of unnecessary connections to broken servers on every restart, and delays delivery to other domains while workers are tied up on known-bad destinations.

Current behavior

```
restart → all breakers closed → 5 failed attempts per broken domain → breaker opens again
```

With N broken domains queued, that's 5×N wasted delivery attempts before things stabilize.

Suggestion

Persist breaker state (domain, state, failure count, last failure time) to Redis alongside the queue data. On startup, restore breaker state for domains that were recently open. A simple hash per domain with a TTL matching the breaker timeout would work — no need for a full state machine in Redis.

Alternatively, a lighter approach: on startup, check `delivery_log` for domains with recent consecutive failures and pre-open their breakers.

[fenilsonani]

Resolved in PR #39 — Fix delivery engine data sync: status updates, webhooks, suppression, and reliability.

Circuit breakers now warm up on startup via warmupCircuitBreakers() (called at delivery.go:236). It queries delivery_log for domains with 5+ recent consecutive failures and pre-opens their breakers using the new ForceOpen() method on CircuitBreaker.

This eliminates the delivery storm on restart — broken domains start with open breakers instead of closed ones.

Relevant code:

• internal/smtp/delivery/delivery.go:236 — warmupCircuitBreakers() called during engine init
• internal/resilience/circuitbreaker.go:340 — ForceOpen() with proper lastFailureTime stamping
• Tests covering failing domain warmup, recovered domain (no warmup), and nil DB safety