Implement Let's Encrypt SSL automation process

[MichaelSchmidle]

Complete SSL certificate automation for production deployments using Let's Encrypt.

Process to implement:

1. During light env add <env> (for non-dev environments):

   • Prompt for ACME email (reuse from user config if exists)
   • Detect/confirm DNS provider from domain registrar
   • Prompt for DNS provider API credentials
   • Store credentials securely in env config

2. During light up <env> (production):

   • Configure Traefik certificatesResolvers with DNS-01 challenge
   • Pass DNS provider credentials to Traefik via environment
   • Let Traefik handle cert acquisition/renewal automatically

3. Support DNS providers (via Traefik's built-in support):

   • Start with major providers: Cloudflare, Route53, DigitalOcean
   • Reference: https://doc.traefik.io/traefik/https/acme/#providers
   • Don't reinvent - use Traefik's provider list

Current state:

• ✅ ACME email prompt exists (moved to env add in 001-T103)
• ❌ DNS provider detection missing
• ❌ Credentials storage missing
• ❌ Traefik certificatesResolvers config missing

Related: 001-T034, 001-T096-T098 from spec 001