Fix SSL cert creation and HTTP fallback for Unauthenticated error

- Create NPM proxy host WITHOUT SSL initially (ssl_forced=False),
  then request Let's Encrypt cert, then enable SSL only after cert
  is assigned. Prevents broken proxy when cert fails.
- If SSL cert creation fails, automatically fall back to HTTP mode:
  re-render management.json, dashboard.env, relay.env with http://
  URLs and recreate containers so dashboard login works.
- Better error logging in _request_ssl with specific timeout hints.
- Use template variables for relay WebSocket protocol (rels/rel)
  instead of hardcoded rels:// in management.json.j2 and relay.env.j2.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

templates/management.json.j2

@@ -22,7 +22,7 @@
   },
   "Relay": {
     "Addresses": [
-      "rels://{{ netbird_domain }}:443"
+      "{{ relay_ws_protocol }}://{{ netbird_domain }}:{{ netbird_port }}"
     ],
     "CredentialsTTL": "24h",
     "Secret": "{{ relay_secret }}"

templates/relay.env.j2

@@ -2,6 +2,6 @@
 # {{ subdomain }}.{{ base_domain }}
 NB_AUTH_SECRET={{ relay_secret }}
 NB_LISTEN_ADDRESS=:80
-NB_EXPOSED_ADDRESS=rels://{{ subdomain }}.{{ base_domain }}:443
+NB_EXPOSED_ADDRESS={{ relay_ws_protocol }}://{{ subdomain }}.{{ base_domain }}:{{ netbird_port }}
 NB_ENABLE_STUN=true
 NB_STUN_PORTS=3478