Add devigo deployment role for mini-vps production environment

- Created comprehensive devigo Ansible role with Podman Quadlet support
- Deployed devigo-site container (Hugo + nginx) via systemd
- Deployed devigo-decap-oauth OAuth2 proxy for Decap CMS
- Integrated with Caddy reverse proxy for HTTPS

Services deployed:
- devigo.no (apex domain, primary)
- www.devigo.no (redirects to apex)
- decap.jnss.me (OAuth proxy)

Key features:
- REGISTRY_AUTH_FILE environment for Podman GHCR authentication
- TRUSTED_ORIGINS (plural) for decapcms-oauth2 multi-origin support
- JavaScript-based Decap CMS initialization (eliminates YAML MIME dependency)
- nginx location block for YAML MIME type (text/yaml)
- Automated deployment via GitHub Actions CI/CD
- Comprehensive documentation with troubleshooting guide
- Architecture decision records

Fixes applied during deployment:
- OAuth origin trust validation (TRUSTED_ORIGINS vs TRUSTED_ORIGIN)
- MIME type handling strategy (location-specific vs server-level types block)
- Decap CMS initialization method (JavaScript vs link tag)
- Podman authentication for systemd services (REGISTRY_AUTH_FILE)

Testing status:
- ✅ MIME types verified (HTML, CSS, YAML all correct)
- ✅ OAuth authentication working
- ✅ Container image pulls from private GHCR
- ✅ Automated deployments functional
- ✅ Site fully operational at devigo.no

roles/devigo/handlers/main.yml

@@ -0,0 +1,19 @@
+---
+- name: reload systemd
+  systemd:
+    daemon_reload: yes
+
+- name: restart devigo-decap-oauth
+  systemd:
+    name: "{{ devigo_oauth_container_name }}"
+    state: restarted
+
+- name: restart devigo-site
+  systemd:
+    name: devigo-site
+    state: restarted
+
+- name: reload caddy
+  systemd:
+    name: caddy
+    state: reloaded