Pull Proxmox LXC app configs via SSH and document all CTs.

Add pull-lxc-from-proxmox.py using Proxmox API + pct exec for running
containers (vaultwarden, linkwarden, paymenter, NPM, etc). Stub apps for
stopped LXCs with proxmox.meta.yaml and updated lxc-inventory with live IPs.

Co-authored-by: Cursor <cursoragent@cursor.com>

apps/vaultwarden/config/vaultwarden.service

@@ -0,0 +1,29 @@
+Warning: Permanently added '192.168.1.216' (ED25519) to the list of known hosts.
+[Unit]
+Description=Bitwarden Server (Powered by Vaultwarden)
+Documentation=https://github.com/dani-garcia/vaultwarden
+After=network.target
+[Service]
+User=vaultwarden
+Group=vaultwarden
+EnvironmentFile=-/opt/vaultwarden/.env
+ExecStart=/opt/vaultwarden/bin/vaultwarden
+LimitNOFILE=65535
+LimitNPROC=4096
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+DevicePolicy=closed
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+WorkingDirectory=/opt/vaultwarden
+ReadWriteDirectories=/opt/vaultwarden/data
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+[Install]
+WantedBy=multi-user.target