Make mail stack optional for Infinito.Nexus deployments without Mailu (e.g. Raspberry Pi / robots)

Refactored mail-related roles to support running Infinito.Nexus on nodes without a dedicated mail server:
- Introduced sys-svc-mail as central mail orchestration role.
- Split msmtp handling into sys-svc-mail-msmtp.
- Added sys-svc-mail-smtp to provide a localhost-only Postfix relay when Mailu is not present.
- Updated alert/health roles to use the new mail orchestration.
- Avoid installing postfix inside containers via IS_CONTAINER guard.
- Adjusted WordPress role to use the new msmtp template path.

This allows lightweight deployments (e.g. Raspberry Pi, robots, edge nodes) to send mail via localhost without requiring a full Mailu stack.

ChatGPT discussion: https://chatgpt.com/share/6931edf1-cb98-800f-9e3c-a62d69ccb223

roles/sys-svc-mail-msmtp/templates/msmtprc.conf.j2

@@ -0,0 +1,40 @@
+# Set default values for all following accounts.
+defaults
+logfile        ~/.msmtp.log
+
+{% if 'web-app-mailu' in group_names %}
+auth           on
+tls_starttls   {{ 'on' if SYSTEM_EMAIL.START_TLS else 'off' }}
+{% if SYSTEM_EMAIL.TLS %}
+tls            on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+{% else %}
+tls            off
+{% endif %}
+
+{% set no_reply = users.get('no-reply', {}) %}
+{% set no_reply_email = no_reply.get('email', SYSTEM_EMAIL.FROM | default('no-reply@' ~ SYSTEM_EMAIL.HOST)) %}
+{% set no_reply_token = no_reply.get('mailu_token', '') %}
+
+account        system_email_no_reply
+host           {{ SYSTEM_EMAIL.HOST }}
+port           {{ SYSTEM_EMAIL.PORT }}
+from           {{ no_reply_email }}
+user           {{ no_reply_email }}
+password       {{ no_reply_token }}
+
+account default : system_email_no_reply
+
+{% else %}
+# Localhost relay – no auth
+auth           off
+tls_starttls   off
+tls            off
+
+account        local_relay
+host           localhost
+port           25
+from           root@{{ inventory_hostname }}
+
+account default : local_relay
+{% endif %}