Mastodon: allow internal chess host & refactor var names; OpenLDAP: safer get_app_conf

- Add ALLOWED_PRIVATE_ADDRESSES to .env (from svc-db-postgres) to handle 422 Mastodon::PrivateNetworkAddressError
- Switch docker-compose to MASTODON_* variables and align vars/main.yml
- Always run 01_setup.yml during deployment (removed conditional flag)
- OpenLDAP: remove implicit True default on network.local to avoid unintended truthy behavior

Context: chess.infinito.nexus resolved to 192.168.200.30 (private IP) from Mastodon; targeted allowlist unblocks federation lookups.

Ref: https://chat.openai.com/share/REPLACE_WITH_THIS_CONVERSATION_LINK

roles/web-app-mastodon/vars/main.yml

@@ -3,12 +3,12 @@ application_id:               "web-app-mastodon"
 database_type:                "postgres"
 
 # Mastodon Specific
-mastodon_version:             "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}"
-mastodon_image:               "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
-mastodon_name:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}"
-mastodon_volume:              "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
-mastodon_streaming_version:   "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version', True) }}"
-mastodon_streaming_image:     "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image', True) }}"
-mastodon_streaming_name:      "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name', True) }}"
-mastodon_sidekiq_name:        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_sidekiq"
-mastodon_setup:               "{{ applications | get_app_conf(application_id, 'setup', True) }}"
+MASTODON_VERSION:                     "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version') }}"
+MASTODON_IMAGE:                       "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image') }}"
+MASTODON_NAME:                        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}"
+MASTODON_VOLUME:                      "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+MASTODON_STREAMING_VERSION:           "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version') }}"
+MASTODON_STREAMING_IMAGE:             "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image') }}"
+MASTODON_STREAMING_NAME:              "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}"
+MASTODON_SIDEKIQ_NAME:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq"
+MASTODON_ALLOWED_PRIVATE_ADDRESSES:   "{{ networks.local['svc-db-postgres'].subnet if 'web-app-chess' in group_names else ''}}"