Fix Traefik configuration issues and improve security

- Upgrade to traefik:latest to fix Docker API compatibility with v29
- Fix websecure entrypoint indentation in traefik.yml
- Remove obsolete DOCKER_API_VERSION environment variable
- Remove incompatible network_mode: host setting
- Set network to external for multi-compose compatibility
- Add environment variable support for certificate email
- Add acme.json to .gitignore for security
- Create acme.json with correct 600 permissions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

docker-compose.yml

@@ -1,16 +1,13 @@
 services:
   traefik:
-    image: traefik:v3.2
+    image: traefik:latest
     container_name: traefik
     restart: unless-stopped
-    network_mode: host
     security_opt:
       - no-new-privileges:true
     ports:
       - "80:80"
       - "443:443"
-    environment:
-      - DOCKER_API_VERSION=1.44
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./traefik.yml:/etc/traefik/traefik.yml:ro
@@ -25,7 +22,6 @@ services:
       - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
       - "traefik.http.routers.traefik-dashboard.middlewares=traefik-auth"
       - "traefik.http.middlewares.traefik-auth.basicauth.users=${DASHBOARD_USER}:${DASHBOARD_PASSWORD}"
-
 networks:
   traefik-net:
-    external: false
+    external: true