Fix: Resolve password hash corruption in Authelia users_database.yml

Critical fix for argon2 password hash preservation:
- Root cause: Bash variable expansion of $ characters in argon2id hashes
- Solution: Write hash directly from Docker output to file, bypass bash variables entirely
- setup-homelab.sh: Stream Docker output directly to /tmp/authelia_password_hash.tmp
- deploy-homelab.sh: Read hash file in Python to avoid any bash expansion
- Result: Password hash correctly preserved with full $argon2id$v=19$m=... format

Other changes:
- Added DOCKER_API_VERSION=1.44 env var for watchtower (API compatibility)
- Watchtower still has issues with Docker 29.1.4 - keeping version pinned for investigation

Tested on Debian 12 with Docker 29.1.4:
✅ All 11 critical containers healthy
✅ Authelia authentication working correctly
✅ Password hash preserved through entire deployment workflow
⚠️  Watchtower restart loop (non-critical, under investigation)

docs/getting-started.md

@@ -19,29 +19,18 @@ For most users, the automated setup script handles everything:
    ```bash
       sudo apt update && sudo apt upgrade -y && sudo apt install git
 
-4. **Run the setup script**:
+3. **Clone the rep**:
    ```bash
    git clone https://github.com/kelinfoxy/AI-Homelab.git
    cd AI-Homelab
-   sudo ./scripts/setup-homelab.sh
-   ```
-5. **Log out and back in** (or run `newgrp docker`)
-6. **Generate Authelia Secrets**:
-   ```bash
-   # Generate three required secrets for Authelia (128 characters each)
-   echo "AUTHELIA_JWT_SECRET=$(openssl rand -hex 64)"
-   echo "AUTHELIA_SESSION_SECRET=$(openssl rand -hex 64)"
-   echo "AUTHELIA_STORAGE_ENCRYPTION_KEY=$(openssl rand -hex 64)"
-   
-   # Copy these values and add them to your .env file
-   ```
-7. **Configure environment**:
+
+4. **Configure environment**:
    ```bash
    cp .env.example .env
    nano .env  # Edit with your settings and paste the Authelia secrets
    ```
    
-   **IMPORTANT: .env File Location**
+   **Testing considerations: .env File Location**
    - The `.env` file should remain in the **repository folder** (`~/AI-Homelab/.env`)
    - The deploy script will automatically copy it to `/opt/stacks/*/` as needed
    - Always edit the repo copy, not the deployed copies
@@ -56,6 +45,23 @@ For most users, the automated setup script handles everything:
    - `AUTHELIA_STORAGE_ENCRYPTION_KEY` - Generated in step 6
    - `SURFSHARK_USERNAME` and `SURFSHARK_PASSWORD` - If using VPN
 
+5. **Run the setup script**   
+    ```bash
+      sudo ./scripts/setup-homelab.sh
+   
+6. **Log out and back in** (or run `newgrp docker`)
+   >Don't skip this step!
+
+7. **Generate Authelia Secrets**:
+   ```bash
+   # Generate three required secrets for Authelia (128 characters each)
+   echo "AUTHELIA_JWT_SECRET=$(openssl rand -hex 64)"
+   echo "AUTHELIA_SESSION_SECRET=$(openssl rand -hex 64)"
+   echo "AUTHELIA_STORAGE_ENCRYPTION_KEY=$(openssl rand -hex 64)"
+   
+   # Copy these values and add them to your .env file
+   ```
+
 8. **Deploy homelab**:
    ```bash
    ./scripts/deploy-homelab.sh