Fix Matomo bootstrap logic and dependency ordering to prevent recursion (see conversation: https://chatgpt.com/share/692cb23b-fb3c-800f-98b6-ce7f61595305 )

This commit introduces several improvements to the Matomo initialization workflow:

- Moves the Matomo reachability check into sys-front-inj-all/tasks/01_dependencies.yml.
- Ensures web-app-matomo is only initialized when the endpoint is unreachable.
- Avoids condition inheritance on include_role by removing block-level when conditions.
- Adds explicit guarding conditions (inj_enabled.matomo, run_once_web_app_matomo usage).
- Ensures Matomo-dependent injections (CSS, Desktop, Logout, CDN) are skipped for Matomo itself.
- Fixes incorrect status_code format (now using YAML list format).
- Moves utils/run_once.yml to the top of 01_core.yml to prevent recursive re-invocation of web-app-matomo.
- Cleans Matomo config/main.yml feature definitions and clarifies which features are disabled during initial bootstrap.
- Removes legacy global Matomo bootstrap from 02_server.yml, centralizing logic in sys-front-inj-all.
- Fixes typo in inj_enabled task name.

This results in a robust, idempotent, recursion-safe Matomo bootstrap sequence that works across all injected web domains.

roles/sys-front-inj-all/tasks/main.yml

@@ -6,7 +6,7 @@
     - include_tasks: utils/run_once.yml
   when: run_once_sys_front_inj_all is not defined
 
-- name: Build inj_enabled
+- name: Build inj_enabled for '{{ domain }}'"
   set_fact:
     inj_enabled: "{{ applications | inj_enabled(application_id, SRV_WEB_INJ_COMP_FEATURES_ALL) }}"