feat: set INFRASTRUCTUREENDPOINTS=false on tenant server containers

Adds CAMELEER_SERVER_SECURITY_INFRASTRUCTUREENDPOINTS=false to the env
var list injected into provisioned tenant server containers, disabling
the Database and ClickHouse admin endpoints (returns 404) on SaaS-
managed instances. The server defaults to true (standalone mode).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java

@@ -211,7 +211,8 @@ public class DockerTenantProvisioner implements TenantProvisioner {
             "CAMELEER_SERVER_RUNTIME_JARSTORAGEPATH=/data/jars",
             // Apps deployed by this server join the tenant network (isolated)
             "CAMELEER_SERVER_RUNTIME_DOCKERNETWORK=" + tenantNetwork,
-            "CAMELEER_SERVER_RUNTIME_JARDOCKERVOLUME=cameleer-jars-" + slug
+            "CAMELEER_SERVER_RUNTIME_JARDOCKERVOLUME=cameleer-jars-" + slug,
+            "CAMELEER_SERVER_SECURITY_INFRASTRUCTUREENDPOINTS=false"
         ));
         // If no CA bundle exists, fall back to TLS skip for OIDC (self-signed dev)
         if (!java.nio.file.Files.exists(java.nio.file.Path.of("/certs/ca.pem"))) {