ARCHITECTURE.md

[runleveldev]

This pull request adds a comprehensive architecture overview for the opensource-server project in a new ARCHITECTURE.md file. The document explains the high-level goals, component interactions, service exposure rules, lifecycle flows, and security boundaries for the platform, providing both narrative and diagrammatic representations.

Key additions include:

Platform Interaction and Lifecycle:

• Describes the end-to-end flow for container provisioning, service registration, and configuration propagation, including authentication, template management, and DNS/DHCP integration.
• Details the pull-based configuration model for NGINX, health monitoring for services, and drift detection with re-provisioning triggers.

Service Exposure and Allocation Rules:

• Outlines rules for HTTP/TCP/UDP service declaration, automatic and manual port/hostname allocation, collision prevention, and round-robin grouping for high availability.
• Explains administrator-defined domains and public IP pools, and how users can select or override these for their services.

Security, Scaling, and Recovery:

• Maps security boundaries between core components (LDAP, Proxmox, MariaDB, NGINX, SMTP), and describes bootstrap assumptions and expansion scenarios for scaling.
• Documents failure and recovery interaction paths, ensuring resilience in the face of