feat(auth): integrate TinyAuth SSO for NetBox authentication

Deploy TinyAuth v4 as CT 115 (192.168.2.10) to provide centralized
SSO authentication for NetBox via Nginx Proxy Manager.

**New Infrastructure:**
- CT 115: TinyAuth authentication layer
- Domain: tinyauth.apophisnetworking.net
- Integration: NPM auth_request → TinyAuth → NetBox

**Configuration:**
- Docker Compose with bcrypt-hashed credentials
- NPM advanced config for auth_request integration
- HTTPS enforcement via SSL termination

**Issues Resolved:**
- 500 Internal Server Error (Nginx config syntax)
- "IP addresses not allowed" (APP_URL domain requirement)
- Port mapping (8000:3000 for internal port 3000)
- Invalid password (bcrypt hash requirement for v4)

**Documentation:**
- Complete TinyAuth README at services/tinyauth/README.md
- Updated CLAUDE_STATUS.md with CT 115 infrastructure
- Added bug report for scribe agent tool permissions

**Note:** Container restart required on CT 115 to apply bcrypt hash

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

disaster-recovery/homelab-export-20251211-144345/configs/proxmox/user.cfg

@@ -0,0 +1,19 @@
+user:api@pam:1:0::::::
+token:api@pam!homepage:0:1::
+user:monitoring@pve:1:0::::::
+user:root@pam:1:0:::jramosdirect2@gmail.com:::
+token:root@pam!packer:0:0::
+token:root@pam!tui:0:0::
+user:terraform@pam:1:0::::::
+token:terraform@pam!terraform:0:0::
+
+group:api-ro:api@pam::
+group:terraform:terraform@pam::
+
+
+role:TerraformProvision:Datastore.AllocateSpace,Datastore.Audit,Pool.Allocate,SDN.Use,Sys.Audit,Sys.Console,Sys.Modify,Sys.PowerMgmt,VM.Allocate,VM.Audit,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Migrate,VM.Monitor,VM.PowerMgmt:
+
+acl:1:/:root@pam!packer:Administrator:
+acl:1:/:monitoring@pve:PVEAdmin:
+acl:1:/:@api-ro,api@pam!homepage:PVEAuditor:
+acl:1:/:@terraform:TerraformProvision: