Add Go port documentation and usage instructions to README

README.md

@@ -55,3 +55,42 @@ make_pfx --ca-dir <ca_directory> [--issuing-ca <file_prefix>] --path <pfx_file_p
 - `--issuing-ca <file_prefix>`: The file prefix of the issuing CA to include in the chain.
 - `--path <pfx_file_path>`: The path where the generated PFX file will be saved.
 - `--password <pfx_password>`: Optional. The custom password to protect the PFX, instead of the default `changeit`.
+
+## Go binary
+
+A Go port with the same feature set lives in [`src/simple-ca`](src/simple-ca). It compiles to a single self-contained binary (~5–6 MB) with no runtime dependencies, and exposes `make-ca`, `make-cert`, and `make-pfx` as subcommands mirroring the Bash flag names.
+
+### Build for the host platform
+
+```bash
+cd src/simple-ca
+go build -o simple-ca .
+./simple-ca --help
+```
+
+### Cross-compile
+
+Go builds statically linked binaries for any target from any host:
+
+```bash
+cd src/simple-ca
+
+# Linux
+GOOS=linux   GOARCH=amd64 go build -o simple-ca-linux-amd64 .
+GOOS=linux   GOARCH=arm64 go build -o simple-ca-linux-arm64 .
+
+# macOS
+GOOS=darwin  GOARCH=amd64 go build -o simple-ca-darwin-amd64 .
+GOOS=darwin  GOARCH=arm64 go build -o simple-ca-darwin-arm64 .
+
+# Windows
+GOOS=windows GOARCH=amd64 go build -o simple-ca-windows-amd64.exe .
+```
+
+### Usage
+
+```bash
+simple-ca make-ca   [--days N] [--issuing-ca PREFIX] [--aia-base-url URL] CA_DIR CA_NAME
+simple-ca make-cert [--ca-dir DIR] [--days N] [--issuing-ca PREFIX] CERT_DIR SUBJECT [SAN...]
+simple-ca make-pfx  --ca-dir DIR [--issuing-ca PREFIX] --path CERT_PATH [--password PASS]
+```