fix: dynamic port detection + electrumx sync + rootless infra

Backend:
- Remove most hardcoded port overrides from docker_packages.rs, use
  dynamic port extraction from actual container bindings with fallback
  to static map in PodmanClient
- Fix OnlyOffice (8044), NginxPM (8181), Fedimint (8174) port mappings
- Remove Tailscale fake web UI port (no web UI)
- ElectrumX: detect "Connection reset" as syncing state (not error)

Deploy script:
- Auto-configure sysctl unprivileged_port_start=80 for rootless
- Auto-enable loginctl linger for container persistence
- Auto-enable podman.socket for Portainer

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

core/archipelago/src/container/docker_packages.rs

@@ -119,47 +119,21 @@ impl DockerPackageScanner {
             // Get metadata for this app
             let metadata = get_app_metadata(&app_id);
             
-            // Check if this app has a separate UI container
+            // Resolve UI address: separate UI containers > static map > dynamic ports
             let lan_address = if let Some(ui_address) = ui_containers.get(&app_id) {
-                debug!("Using UI container address for {}: {}", app_id, ui_address);
+                // Apps with separate UI containers (e.g. archy-bitcoin-ui, archy-lnd-ui)
+                debug!("Using UI container for {}: {}", app_id, ui_address);
                 Some(ui_address.clone())
             } else if app_id == "bitcoin-knots" {
-                // Bitcoin UI runs on host network at port 8334
-                debug!("Using bitcoin-ui for bitcoin-knots: http://localhost:8334");
                 Some("http://localhost:8334".to_string())
             } else if app_id == "lnd" {
-                // LND UI runs on host network at port 8081
-                debug!("Using lnd-ui for lnd: http://localhost:8081");
                 Some("http://localhost:8081".to_string())
-            } else if app_id == "tailscale" {
-                // Tailscale uses host networking, so no port mappings
-                // But web UI is always on port 8240
-                debug!("Tailscale detected, using port 8240");
-                Some("http://localhost:8240".to_string())
-            } else if app_id == "fedimint" {
-                // Fedimint built-in Guardian UI on port 8175
-                debug!("Using fedimint built-in Guardian UI: http://localhost:8175");
-                Some("http://localhost:8175".to_string())
-            } else if app_id == "fedimint-gateway" {
-                // Fedimint Gateway API on port 8176
-                debug!("Using fedimint gateway: http://localhost:8176");
-                Some("http://localhost:8176".to_string())
-            } else if app_id == "nostr-rs-relay" {
-                debug!("Using Nostr relay: http://localhost:18081");
-                Some("http://localhost:18081".to_string())
-            } else if app_id == "dwn" {
-                debug!("Using DWN server: http://localhost:3100");
-                Some("http://localhost:3100".to_string())
-            } else if app_id == "indeedhub" {
-                debug!("Using IndeedHub: http://localhost:7777");
-                Some("http://localhost:7777".to_string())
             } else if app_id == "electrumx" || app_id == "mempool-electrs" || app_id == "electrs" {
-                // ElectrumX UI runs on host at port 50002
-                debug!("Using electrumx-ui for electrumx: http://localhost:50002");
                 Some("http://localhost:50002".to_string())
             } else {
-                // Extract port from the main container
+                // Dynamic: use actual port bindings from container, fall back to static map
                 extract_lan_address(&container.ports)
+                    .or_else(|| self.runtime.get_ui_address(&app_id))
             };
             
             debug!("Container {}: ports={:?}, lan_address={:?}", app_id, container.ports, lan_address);

core/container/src/podman_client.rs

@@ -71,14 +71,14 @@ impl PodmanClient {
         let url = match name {
             "bitcoin-knots" | "bitcoin-ui" => "http://localhost:8334",
             "lnd" | "archy-lnd-ui" => "http://localhost:8081",
-            "tailscale" => "http://localhost:8240",
+            // Tailscale has no web UI — managed via CLI/app
             "homeassistant" => "http://localhost:8123",
             "archy-mempool-web" | "mempool" => "http://localhost:4080",
             "btcpay-server" => "http://localhost:23000",
             "grafana" => "http://localhost:3000",
             "searxng" => "http://localhost:8888",
             "ollama" => "http://localhost:11434",
-            "onlyoffice" => "http://localhost:9980",
+            "onlyoffice" => "http://localhost:8044",
             "penpot" => "http://localhost:9001",
             "nextcloud" => "http://localhost:8085",
             "vaultwarden" => "http://localhost:8082",
@@ -86,10 +86,10 @@ impl PodmanClient {
             "photoprism" => "http://localhost:2342",
             "immich_server" | "immich" => "http://localhost:2283",
             "filebrowser" => "http://localhost:8083",
-            "nginx-proxy-manager" => "http://localhost:81",
+            "nginx-proxy-manager" => "http://localhost:8181",
             "portainer" => "http://localhost:9000",
             "uptime-kuma" => "http://localhost:3001",
-            "fedimint" => "http://localhost:8175",
+            "fedimint" | "fedimintd" => "http://localhost:8174",
             "fedimint-gateway" => "http://localhost:8176",
             "nostr-rs-relay" => "http://localhost:18081",
             "indeedhub" => "http://localhost:7777",