brianmiller / phvalheim-server

PhValheim backend server
GNU General Public License v2.0
26 stars 5 forks

Architecture Change: Eliminate the need for a reverse proxy #17

Closed brianmiller closed 1 year ago

brianmiller commented 1 year ago

Bring TLS termination down to the internal NGINX service, eliminating the requirement but not the option of an external reverse proxy.

brianmiller commented 1 year ago

I have a working test of a non-TLS terminated connection to PhValheim's frontend. While we'll still recommend TLS, there's little to no risk in running non-TLS as Steam's auth flow is handled in its entirety before handing off to remote systems like PhValheim, ensuring the authentication part is encrypted.

PhValheim handles the authorization in its backend, also not exposing credentials when the frontend is hit with non-TLS.

brianmiller commented 1 year ago

Commit https://github.com/brianmiller/phvalheim-server/commit/8c0bd0e0d4ff16f268673109053946b275ef977f includes changes that bring more intelligence to the frontend and client.

The frontend now passes the HTTP termination scheme (http or https) along with the hostname used to target the PhValheim frontend. These variables are unique for every installation and eliminate the need to pass hardcoded variables during startup.

This flexibility is needed to allow http to work (without TLS/SSL and without reverse proxies).

This change does not immediately remove the phvalheimHost variable; more work is needed to cleanly remove this variable.

phvalheim-server 1.7 requires phvalheim-client 2.0.2 or greater.
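An added example, not part of the issue thread or the PhValheim code base: one way a frontend can derive the scheme and hostname per request, both when it terminates TLS itself and when it sits behind a reverse proxy. The function name, the trusted-proxy list and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: addresses of reverse proxies allowed to set X-Forwarded-* headers.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}

# Hostname or IPv4 address with optional port. Rejects whitespace, '/', '@',
# CR/LF and IPv6 literals, so the value is safe to place in a generated URL.
_HOST_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?(?::[0-9]{1,5})?"
)


def frontend_base_url(peer_ip, headers, tls_on_socket):
    """Return 'scheme://host' for this request, or raise ValueError.

    peer_ip       -- address of the TCP peer (client or reverse proxy)
    headers       -- request headers as a dict
    tls_on_socket -- True when this server terminated TLS itself
    """
    h = {k.lower(): v for k, v in headers.items()}
    scheme = "https" if tls_on_socket else "http"
    host = h.get("host", "")

    # Only a known proxy may override what the socket itself tells us;
    # a direct client sending X-Forwarded-* is ignored.
    if ipaddress.ip_address(peer_ip) in TRUSTED_PROXIES:
        scheme = h.get("x-forwarded-proto", scheme).strip().lower()
        host = h.get("x-forwarded-host", host)

    if scheme not in ("http", "https"):
        raise ValueError("unexpected scheme")
    if not _HOST_RE.fullmatch(host):
        raise ValueError("malformed host")
    return f"{scheme}://{host.lower()}"


if __name__ == "__main__":
    # Constructed sample requests: direct HTTP, direct TLS, behind a proxy.
    print(frontend_base_url("203.0.113.5", {"Host": "valheim.example.net:8080"}, False))
    print(frontend_base_url("203.0.113.5", {"Host": "valheim.example.net"}, True))
    print(frontend_base_url("127.0.0.1", {"Host": "phvalheim:8080",
                                          "X-Forwarded-Proto": "https",
                                          "X-Forwarded-Host": "valheim.example.net"}, False))
```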