feat: remove Authelia from services with own auth

Remove Authelia ForwardAuth middleware from services that have their own
authentication systems to avoid double login:

- Umami: Analytics service with built-in user authentication
- Asciinema: Terminal recording platform with email-based auth
- Gitea: Git service with user accounts
- n8n: Workflow automation with user management
- Coolify: Deployment platform with authentication

Services still protected by Authelia (single auth layer):
- Mailpit: SMTP testing (no auth)
- Traefik Dashboard: Proxy admin interface
- Netdata: System monitoring (no auth)
- Scrapy: Web scraping (protected by basic auth + Authelia)
- Restic: Backup system (no auth)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

net/authelia/configuration.yml

@@ -73,13 +73,6 @@ access_control:
         - "proxy.pivoine.art"
       policy: one_factor
 
-    # Development services
-    - domain:
-        - "dev.pivoine.art"
-        - "n8n.pivoine.art"
-        - "asciinema.pivoine.art"
-        - "coolify.pivoine.art"
-      policy: two_factor
 
 # session secret set via environment variable: AUTHELIA_SESSION_SECRET
 session:

net/compose.yaml

@@ -218,6 +218,7 @@ services:
       - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.rule=Host(`${NET_TRACK_TRAEFIK_HOST}`)'
       - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.tls.certresolver=resolver'
       - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.entrypoints=web-secure'
+      - 'traefik.http.routers.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.middlewares=security-headers@file'
       - 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-umami-web-secure.loadbalancer.server.port=3000'
       - 'traefik.docker.network=${NETWORK_NAME}'