Refactor TURN/STUN handling:

- Split internal/external Coturn for BBB and Nextcloud
- Added dedicated relay port ranges per app
- Updated env and compose overrides for coturn
- Ensure coturn role is loaded conditionally
- Standardize credential/env passing for coturn
@See https://chatgpt.com/share/68d6f376-4878-800f-b4f7-62822caa49ea

roles/web-svc-coturn/templates/docker-compose.yml.j2

@@ -11,17 +11,19 @@
       - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/tcp"
       - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/udp"
       - "{{ COTURN_RELAY_PORT_RANGE }}/udp"
+      - "{{ COTURN_TLS_CERT_PATH }}:{{ COTURN_TLS_CERT_PATH }}:ro"
+      - "{{ COTURN_TLS_KEY_PATH }}:{{ COTURN_TLS_KEY_PATH }}:ro"
     command: >
       --use-auth-secret
-      --static-auth-secret={{ COTURN_STATIC_AUTH_SECRET }}
+      --static-auth-secret=${ COTURN_STATIC_AUTH_SECRET }
       --lt-cred-mech
-      --user={{ COTURN_USER_NAME }}:{{ COTURN_USER_PASSWORD }}
+      --user=${ COTURN_USER_NAME }:${ COTURN_USER_PASSWORD }
       --log-file=stdout
       --external-ip={{ networks.internet.ip4 }}
 {% if networks.internet.ip6|default('') %}
       --external-ip={{ networks.internet.ip6 }}
 {% endif %}
-      --realm={{ COTURN_REALM }}
+      --realm=${ COTURN_REALM }
       --fingerprint
       --total-quota=100
       --stale-nonce

roles/web-svc-coturn/templates/env.j2

@@ -0,0 +1,4 @@
+COTURN_STATIC_AUTH_SECRET={{ COTURN_STATIC_AUTH_SECRET }}
+COTURN_USER_NAME={{ COTURN_USER_NAME }}
+COTURN_USER_PASSWORD={{ COTURN_USER_PASSWORD }}
+COTURN_REALM={{ COTURN_REALM }}