feat: add HTTP Basic Auth to Scrapyd for security

Added Traefik Basic Auth middleware to secure Scrapyd web interface:
- Added basicauth middleware to scrapyd service labels
- Middleware chains auth with compression for HTTPS routes
- Added SCRAPY_AUTH_USERS environment variable to arty.yml
- Credentials stored in .env (htpasswd format with escaped $)

Access to scrapy.pivoine.art now requires username/password.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

arty.yml

@@ -62,6 +62,7 @@ envs:
     SCRAPY_TRAEFIK_HOST: scrapy.pivoine.art
     SCRAPY_SCRAPYD_PORT: 6800
     SCRAPY_SCRAPYRT_PORT: 9080
+    SCRAPY_AUTH_USERS: admin:$$apr1$$changeme$$example
     # n8n
     N8N_TRAEFIK_ENABLED: true
     N8N_COMPOSE_PROJECT_NAME: n8n

scrapy/compose.yaml

@@ -19,8 +19,9 @@ services:
       - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.rule=Host(`${SCRAPY_TRAEFIK_HOST}`)'
       - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.tls.certresolver=resolver'
       - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.entrypoints=web-secure'
+      - 'traefik.http.middlewares.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-auth.basicauth.users=${SCRAPY_AUTH_USERS}'
       - 'traefik.http.middlewares.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure-compress.compress=true'
-      - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.middlewares=${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure-compress'
+      - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.middlewares=${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-auth,${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure-compress'
       - 'traefik.http.services.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.loadbalancer.server.port=6800'
       - 'traefik.docker.network=${NETWORK_NAME}'
       - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'