feat: protect Uptime Kuma and Weave GitOps with Authelia ForwardAuth

- Add Traefik ForwardAuth middleware pointing to Authelia
- Apply to status.davidepiu.xyz and flux.davidepiu.xyz
- Users must login via auth.davidepiu.xyz before accessing these services

clusters/lab/security/authelia-forwardauth.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authelia-forwardauth
+  namespace: default
+spec:
+  forwardAuth:
+    address: http://authelia-authelia.authelia.svc.cluster.local/api/authz/forward-auth
+    trustForwardHeader: true
+    authResponseHeaders:
+    - Remote-User
+    - Remote-Groups
+    - Remote-Email
+    - Remote-Name