Add Podman container infrastructure role for containerized services

- Implemented complete Podman infrastructure role following rick-infra patterns
- Minimal installation approach: only install podman, trust Arch dependency management
- Configured with crun runtime for optimal performance and security
- Security-focused: HTTPS-only registries, rootless containers, systemd hardening
- Registry support: docker.io, quay.io, ghcr.io with secure configurations
- Ready for service-specific users with isolated container environments
- Quadlet support for native systemd container management
- Container-to-host networking via bridge networks with host gateway access
- Foundation for future containerized services (Authentik, Nextcloud)
- Maintains rick-infra philosophy: infrastructure provides foundation, apps manage specifics

roles/podman/templates/containers.conf.j2

@@ -0,0 +1,67 @@
+# Podman Configuration - Generated by Ansible
+# rick-infra Podman Infrastructure Role
+#
+# Global podman configuration providing secure defaults
+# for containerized applications
+
+# =================================================================
+# Container Engine Configuration
+# =================================================================
+
+[engine]
+
+# Container runtime (OCI compliant)
+# runtime = "runc"  # Default, can be overridden to crun
+
+# Network backend for container networking
+network_backend = "netavark"
+
+# Default network for new containers
+default_network = "{{ podman_default_network }}"
+
+# =================================================================
+# Storage Configuration  
+# =================================================================
+
+# Storage driver for container layers and images
+# driver = "{{ podman_storage_driver }}"  # overlay is default
+
+# =================================================================
+# Security Configuration
+# =================================================================
+
+# Enable security features
+# seccomp_profile = "/usr/share/containers/seccomp.json"
+# apparmor_profile = "containers-default-0.14.5"
+
+# =================================================================
+# Network Configuration
+# =================================================================
+
+[network]
+
+# Default subnet for new networks (applications override this)
+default_subnet = "10.88.0.0/16"
+default_subnet_pools = [
+    {"base" = "10.89.0.0/16", "size" = 24},
+    {"base" = "10.90.0.0/16", "size" = 24}
+]
+
+# =================================================================
+# Service Integration
+# =================================================================
+
+[service_destinations]
+
+# Systemd integration for container services
+# Applications use this for quadlet deployment
+
+# =================================================================
+# Infrastructure Notes
+# =================================================================
+# This configuration provides secure defaults for all containers
+# Applications should:
+# - Create service-specific users for container isolation
+# - Use quadlet files for systemd integration  
+# - Create custom networks for multi-container applications
+# - Access host services via host.containers.internal