feat(infra): migrate POS System routing to Traefik v3

Architecture: Nginx Ingress (TLS) → Traefik (routing) → Services

- Add traefik.yaml: Traefik v3.3 deployment with file provider config
  - 65+ route rules for api.techbi.org (25 backend services)
  - platform.techbi.org → pos-web
  - Middlewares: rate-limit (100/s), retry (3x), compress, secure-headers
  - WebSocket support for SignalR hubs (/hubs/pos, /hubs/kitchen, /hubs/chat)
- Update ingress.yaml: Nginx now proxies POS domains to Traefik ClusterIP
  (Nginx still handles TLS termination via cert-manager/Let's Encrypt)
- Update network-policy.yaml: Add Traefik ingress/egress/DNS policies
- Update deploy.yaml: Add traefik.yaml to CI/CD apply step
- Other services unaffected: Neon-UI, Rancher, Gitea, Harbor, Grafana, MinIO

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/deploy.yaml

@@ -255,6 +255,7 @@ jobs:
             kubectl apply -f deployments/staging/kubernetes/redis.yaml
             kubectl apply -f deployments/staging/kubernetes/rabbitmq.yaml
             kubectl apply -f deployments/staging/kubernetes/minio.yaml
+            kubectl apply -f deployments/staging/kubernetes/traefik.yaml
             kubectl apply -f deployments/staging/kubernetes/ingress.yaml
             kubectl apply -f deployments/staging/kubernetes/network-policy.yaml
           fi