Add GitHub Container Registry authentication to Podman role

- Deploy /etc/containers/auth.json with GHCR credentials
- Support for private container image pulls
- Credentials encrypted in Ansible vault
- Used by devigo and other services pulling from private registries
- Updated documentation with authentication setup

roles/podman/tasks/main.yml

@@ -61,6 +61,29 @@
   changed_when: false
   failed_when: false
 
+# =================================================================
+# Container Registry Authentication
+# =================================================================
+# Deploy system-wide authentication for private container registries
+# Currently supports: GitHub Container Registry (ghcr.io)
+
+- name: Deploy GitHub Container Registry authentication
+  copy:
+    content: |
+      {
+        "auths": {
+          "ghcr.io": {
+            "auth": "{{ (github_username + ':' + github_token) | b64encode }}"
+          }
+        }
+      }
+    dest: /etc/containers/auth.json
+    mode: '0600'
+    owner: root
+    group: root
+  when: github_username is defined and github_token is defined
+  no_log: true  # Don't log sensitive authentication data
+
 - name: Display Podman infrastructure status
   debug:
     msg: |
@@ -70,6 +93,7 @@
       🔒 Security: Rootless container runtime enabled
       📦 Registries: {{ podman_registries | join(', ') }}
       🏗️ Storage: {{ 'overlay' if 'overlay' in podman_system_info.stdout else 'system default' }}
+      🔑 Auth: {{ 'GitHub Container Registry configured' if (github_username is defined and github_token is defined) else 'No private registry auth' }}
       
       🚀 Ready for containerized applications!