This new role also adds native Traefik support and support for other
(non-`amd64`) architectures via self-building.

If someone disables ACME, then they're using their own certificates
somehow. There's nothing to dump from an `acme.json` file.

We don't need these 2 roughly-the-same settings related to the
traefik-certs-dumper role.

For Traefik, it makes sense, because it's a component used by the
various related playbooks and they could step onto each other's toes
if the role is enabled, but Traefik is disabled (in that case, uninstall
tasks will run).

As for Traefik certs dumper, the other related playbooks don't have it,
so there's no conflict. Even if they used it, each one would use its own
instance (different `devture_traefik_certs_dumper_identifier`), so there
wouldn't be a conflict and uninstall tasks can run without any danger.

This allows people wishing to change or unset the resolver,
to have a single variable which they can toggle.

Unsetting the resolver is useful for using your own certificates
(not coming from a certificate resolver).

Fixes a regression introduced in 0220c851e8

There are no arm64 images published.. yet

Continuation of 6cda711

The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.

The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`), means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.

The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".

Wiring happens via `group_vars/matrix_servers` now.

Related to 6a52be7987 and 28e7ef9c71f02

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Serving at a path other than `/` doesn't work well yet.

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now

Regression since 3d9aa8387e

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2474

Seems like this affected all "own webserver" deployments, which required
port exposure.

`playbook-managed-traefik` and `playbook-managed-nginx` were not affected.

Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.

Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2472

It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2465

We'd like to auto-enable traefik-certs-dumper for these setups.

`devture_traefik_certs_dumper_ssl_dir_path` will be empty though,
so the role's validation will point people in the right direction.