feat(monitoring): Add direct VPN access configuration

- Add docker-compose-direct-access.yml for VPN-only admin access
- Configure Portainer on port 9002 (avoid MinIO conflict)
- Add grafana.ini to disable external plugin update checks
- Bind services to 10.8.0.1 (WireGuard VPN gateway)

This configuration enables direct access to admin services via WireGuard VPN
while removing Traefik routing overhead. Services are bound exclusively to
the VPN gateway IP to prevent public access.

deployment/stacks/monitoring/grafana/grafana.ini

@@ -0,0 +1,26 @@
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+
+[plugins]
+enable_alpha = false
+plugin_admin_enabled = false
+plugin_admin_external_manage_enabled = false
+# Completely disable plugin catalog access
+grafana_com_url =
+# Disable background installer
+allow_loading_unsigned_plugins =
+# Disable plugin installation completely
+plugin_catalog_hidden_plugins = *
+
+[plugin_management]
+check_for_updates = false
+enable_background_install = false
+# Disable all plugin management
+enabled = false
+
+[log]
+level = info
+
+[server]
+# Will be overridden by environment variable GF_SERVER_ROOT_URL