Add GitHub Container Registry authentication to Podman role

- Deploy /etc/containers/auth.json with GHCR credentials
- Support for private container image pulls
- Credentials encrypted in Ansible vault
- Used by devigo and other services pulling from private registries
- Updated documentation with authentication setup

roles/podman/README.md

@@ -34,6 +34,27 @@ Podman is deployed as a system-level infrastructure service that provides contai
 
 All registries configured with HTTPS-only, no insecure connections allowed.
 
+### **Private Registry Authentication:**
+For private container images (e.g., from GitHub Container Registry), this role deploys authentication credentials:
+
+- **Auth file**: `/etc/containers/auth.json` (system-wide, for root containers)
+- **Permissions**: 0600 (root:root only)
+- **Credentials**: Stored encrypted in Ansible Vault
+- **Automatic**: Quadlet containers automatically use authentication when pulling images
+
+**Configuration:**
+```yaml
+# In group_vars/production/vault.yml (encrypted)
+vault_github_username: "your-username"
+vault_github_token: "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+# In group_vars/production/main.yml
+github_username: "{{ vault_github_username }}"
+github_token: "{{ vault_github_token }}"
+```
+
+When these variables are defined, the role automatically deploys authentication for ghcr.io.
+
 ## Application Integration
 
 Applications should create service-specific users and manage their own container deployments: