refactor(docker): remove the bundled Traefik reverse proxy

[tobiasstrebitzer]

Summary

With PR1 making the API serve both the UI and the API on a single port, the shipped Traefik service
no longer earns its place. As configured it was a single-backend passthrough - it forwarded one
public port to openwa-api:2785 and terminated no TLS out of the box (the certificatesResolver was
commented out and :443 was never published). Its original job was to merge two backends (the nginx
dashboard + the API) behind one port; that job no longer exists.

This PR removes Traefik entirely. For TLS / public exposure, front the API with your own reverse
proxy - nginx, Caddy, a cloud load balancer, or a k8s Ingress (there is an nginx example in
docs/12-troubleshooting-faq.md).

What changed

• Removes the traefik service from docker-compose.yml and the traefik/ configs
  (traefik.yml, dynamic.yml).
• Removes the with-proxy profile and the PROXY_ENABLED / DASHBOARD_PORT env vars
  (and the related TRAEFIK_ACME_* placeholders).
• Removes the traefik-config regression test (it asserted Traefik's TLS/insecure-dashboard config,
  which no longer exists).
• Repoints the full profile to the optional datastores (postgres, redis, minio). Note:
  previously full only carried Traefik + the dashboard, so after their removal it would have started
  nothing - this makes --profile full actually mean "all optional services."
• scripts/openwa.sh: drops the proxy profile toggle; updates the start/stop output.
• Docs/CHANGELOG updated.

Net change

• PR2 (this PR, on top of PR1): 11 files, +44 / −146 (≈ −100 net), and one fewer service.
• Mostly deletions: the Traefik service, two config files, the traefik-config test, and the
  proxy plumbing across compose/env/docs.

Breaking changes & migration

• The with-proxy compose profile and the PROXY_ENABLED / DASHBOARD_PORT env vars are removed
  (silently ignored if still set).
• --profile full now starts the optional datastores (postgres, redis, minio) instead of
  Traefik + the dashboard.
• If you relied on Traefik for TLS, put your own reverse proxy in front of the API. The API binds
  its own port; a single-service container is trivially easy to front with any proxy/ingress.

Deliberately left as-is

• docs/13-horizontal-scaling.md keeps Traefik/Nginx as a load balancer in front of multiple API
  replicas - that is a legitimate scaling use (a different concern from the removed single-backend
  passthrough) and is explicitly framed as a future design sketch.

Testing / verification

• npm test (434 - two fewer than PR1, the removed traefik-config spec), npm run test:e2e (9),
  npm run lint, docker compose config - all green.
• docker compose --profile full config --services → docker-proxy, openwa-api, postgres, redis, minio.
• Default docker compose config --services → docker-proxy, openwa-api (UI served by the API).

Notes for reviewers

• This is intentionally a separate PR from the same-port dashboard change: it affects a different group
  of users (those who used --profile with-proxy for TLS) and is an opinionated removal that can be
  reviewed/reverted on its own.