feat: enable CrowdSec Traefik bouncer on all ingresses

- Add Traefik plugin via HelmChartConfig (crowdsec-bouncer-traefik-plugin)
- Create bouncer Middleware in stream mode
- Apply bouncer to all public ingresses
- IPs flagged by CrowdSec will now be blocked at Traefik level

clusters/lab/apps/vaultwarden.yaml

@@ -45,7 +45,7 @@ spec:
       nginxIngressAnnotations: false
       additionalAnnotations:
         cert-manager.io/cluster-issuer: letsencrypt-prod
-        traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+        traefik.ingress.kubernetes.io/router.middlewares: default-crowdsec-bouncer@kubernetescrd,default-redirect-https@kubernetescrd
       hostname: vault.davidepiu.xyz
       tls: true
       tlsSecret: vaultwarden-tls