Implement shared CA certificate system for multi-server TLS security

- Generate shared CA during core deployment for consistent trust across servers
- Modify setup_docker_tls() to use shared CA instead of per-server CAs
- Update share_certs_with_core() to copy shared CA from core server
- Re-enable TLS verification (DOCKER_TLS_VERIFY=1) in Sablier
- Fix Sablier certificate mounting for proper TLS connection
- Add docker-tls/ to .gitignore to prevent certificate leaks
- Update documentation for shared CA approach
Kelin
2026-01-25 23:08:01 -05:00
parent 1b3c4ff9ff
commit 89ca29918b
6 changed files with 654 additions and 121 deletions


@@ -28,7 +28,7 @@ services:
- PGID=${PGID}
- TZ=${TZ}
healthcheck:
test: ["CMD", "curl", "-f", "http://${SERVER_IP}:8989/"]
test: ["CMD", "curl", "-f", "http://localhost:8989/"]
interval: 30s
timeout: 10s
retries: 3
@@ -73,7 +73,7 @@ services:
- PGID=${PGID}
- TZ=${TZ}
healthcheck:
test: ["CMD", "curl", "-f", "http://${SERVER_IP}:7878/"]
test: ["CMD", "curl", "-f", "http://localhost:7878/"]
interval: 30s
timeout: 10s
retries: 3
@@ -116,7 +116,7 @@ services:
- PGID=${PGID}
- TZ=${TZ}
healthcheck:
test: ["CMD", "curl", "-f", "http://${SERVER_IP}:9696/"]
test: ["CMD", "curl", "-f", "http://localhost:9696/"]
interval: 30s
timeout: 10s
retries: 3
@@ -315,7 +315,7 @@ services:
- LOG_LEVEL=info
- TZ=${TZ}
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://${SERVER_IP}:5055/"]
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5055/"]
interval: 30s
timeout: 10s
retries: 3
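Review bot: The healthcheck URLs in all four hunks (ports 8989, 7878, 9696 and 5055) probe `localhost`, which on some images resolves to `::1` first; if the service listens only on IPv4, the probe fails and the container is reported unhealthy while it is actually serving. Assuming the `localhost` lines are the new side (the +/- markers are not visible on this page), pinning the address removes the ambiguity, e.g. `test: ["CMD", "curl", "-f", "http://127.0.0.1:8989/"]`, and likewise for the `wget` probe on 5055. The healthcheck change is also missing from the commit description, which covers only the shared CA and TLS work; a line there, or a separate commit, would let the TLS change be audited on its own. The service definitions begin and end outside these hunks, so the port bindings could not be checked.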