Fix SSL cert creation and HTTP fallback for Unauthenticated error

- Create NPM proxy host WITHOUT SSL initially (ssl_forced=False),
  then request Let's Encrypt cert, then enable SSL only after cert
  is assigned. Prevents broken proxy when cert fails.
- If SSL cert creation fails, automatically fall back to HTTP mode:
  re-render management.json, dashboard.env, relay.env with http://
  URLs and recreate containers so dashboard login works.
- Better error logging in _request_ssl with specific timeout hints.
- Use template variables for relay WebSocket protocol (rels/rel)
  instead of hardcoded rels:// in management.json.j2 and relay.env.j2.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

templates/management.json.j2

@@ -22,7 +22,7 @@
   },
   "Relay": {
     "Addresses": [
-      "rels://{{ netbird_domain }}:443"
+      "{{ relay_ws_protocol }}://{{ netbird_domain }}:{{ netbird_port }}"
     ],
     "CredentialsTTL": "24h",
     "Secret": "{{ relay_secret }}"