feat: Add ACME challenge and SSL auto-renewal support to openqa-cloud-webserver
- Enhanced webserver role with ACME challenge support similar to reverse-proxy role
- Added automatic SSL certificate detection (ACME vs legacy certificates)
- Implemented ACME challenge serving via /.well-known/acme-challenge/ path
- Added systemd timer and service for automatic certificate renewal
- Enhanced Apache configuration with ProxyPass exclusion for ACME paths
- Added firewall configuration for HTTP/HTTPS port forwarding
- Created production deployment and ACME setup scripts
- Added letsencrypt directory mounting to container
- Enhanced init script with ACME certificate detection logic
- Added certificate monitoring with daily expiration checks
Certificate renewal features:
- Daily systemd timer for certificate renewal
- ACME.sh cron job integration
- Automatic service restart after renewal
- Smart certificate path detection based on hostname
- SELinux context handling for certificate directories
Production deployment tools:
- deploy-production.sh: Automated deployment script
- setup-acme-production.sh: ACME certificate setup
- hosts.production: Production inventory configuration
- Enhanced Makefile with ACME targets
This provides complete parity with openqa-cloud-reverse-proxy ACME capabilities.