* feat: support container_network=host across all roles + systemd templates

Mirror the pattern Slavi introduced for matrix-coturn (aafa8f0) across the
fork: every 'Ensure X container network is created' task gets a
'when: <var> not in ["", "host"]' guard so MDAD does not try to
docker_network create a network literally named 'host' (returns 403,
since host is a pre-defined Docker network).

Mirror the same guard in every systemd unit template that does
'ExecStartPre=docker network connect <addnet> <container>' loops over
matrix_<role>_container_additional_networks: skip the connects when the
container is on host networking (where additional --network attaches
are invalid).

Unblocks DiD setups where MDAD-managed containers share their host's
network namespace (matrix-mdad outer compose service joined to central
postgres/openldap networks) to reach external services on the outer
Docker daemon.

* Simplify container network guards (!= 'host') and fix duplicate when

Guarding on the empty string ('') as well was misleading: systemd unit
templates still render an unconditional --network= flag, so an empty
network value produces a broken docker create command. Only 'host' is
actually supported, so only guard on that. This also matches the
existing convention in the Traefik role
(when: traefik_container_network != 'host').

Also fix a duplicate when key in the meshtastic-relay role, where the
network-creation task already had a when condition - the two are now
combined into a list.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>

Roles affected: appservice-discord, appservice-irc, beeper-linkedin,
heisenbridge, hookshot, mautrix-bluesky, mautrix-discord,
mautrix-gmessages, mautrix-googlechat, mautrix-signal, mautrix-slack,
mautrix-twitter, mautrix-whatsapp, mautrix-wsproxy, mx-puppet-groupme,
mx-puppet-steam, postmoogle, sms, steam, cactus-comments, element,
fluffychat, schildichat, conduit, corporal, dendrite,
ldap-registration-proxy, media-repo, pantalaimon,
prometheus-nginxlog-exporter, registration, sygnal, synapse-admin,
user-verification-service.

For each role: renamed _docker_image* variables to _container_image*
(and _docker_src_files_path to _container_src_files_path where
applicable), added deprecation entries in validate_config.yml, and
updated group_vars/docs references.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

This also moves msc4190 to the correct section for twitter

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4549

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4445

* Add matrix_bridges_msc4190_enabled flag for using msc4190 on supported mautrix bridges.

* Apply to_json to msc4190 in mautrix configs

* Add | to_json to mautrix bridge registration io.element.msc4190.

* require matrix_synapse_experimental_features_msc3202_device_masquerading_enabled for matrix_bridges_msc4190_enabled

* Also add msc4190 support for mautrix-telegram

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

`-t` works on both old and new Docker versions, so it's best to use that.

We'be already been going against upstream defaults and have been
enabling backfilling for a few other bridges (Messenger, Instagram, Telegram, Twitter).

Now I'm enabling backfilling by default for the remaining ones, for
consistency.

While working on upgrading the Meta bridges to bridgev2, I've noticed
that {% raw %} and {% endraw %} on lines like that (immediately
preceding `username_template` may cause YAML indentation issues.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3479#issuecomment-2294956958

Since upgrading mautrix-slack (and pinning to v0.1.0) in e4b54c37fe258b17f49dd7ed58a18ef3abac1c41,
we expect double-puppeting to require the new appservice double-puppeting method.

This commit switches the mautrix-slack bridge to it.

Related to:
- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3479
- https://github.com/mautrix/slack/releases/tag/v0.1.0
- https://mau.fi/blog/2024-08-mautrix-release/

This is an attempt at optimizing service startup.

The effect is most pronounced when many services are restarted one by one.
The systemd service manager role sometimes does this - for example when `just install-service synapse` runs.
In such cases, a 5-second delay for each Synapse worker service
(or other bridge/bot service that waits on the homeserver) quickly adds up to a lot.

When services are all stopped fully and then started, the effect is not so pronounced, because
`matrix-synapse.service` starts first and pulls all worker services (defined as `Wants=` for it).
Later on, when the systemd service manager role "starts" these worker services, they're started already.
Even if they had a 5-second wait each, it would have happened in parallel.