feat: Add SSH remote execution for HAProxy on remote host

MCP server can now manage HAProxy running on a remote host via SSH.
When SSH_HOST env var is set, all file I/O and subprocess commands
(podman, acme.sh, openssl) are routed through SSH instead of local exec.

- Add ssh_ops.py module with remote_exec, run_command, file I/O helpers
- Modify file_ops.py to support remote reads/writes via SSH
- Update all tools (domains, certificates, health, configuration) for SSH
- Fix domains.py: replace direct fcntl usage with file_lock context manager
- Add openssh-client to Docker image for SSH connectivity
- Update k8s deployment with SSH env vars and SSH key secret mount

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

haproxy_mcp/config.py

@@ -44,6 +44,13 @@ MAX_SLOTS: int = int(os.getenv("HAPROXY_MAX_SLOTS", "10"))
 # Container configuration
 HAPROXY_CONTAINER: str = os.getenv("HAPROXY_CONTAINER", "haproxy")
 
+# SSH remote execution (when MCP runs on a different host from HAProxy)
+SSH_HOST: str = os.getenv("SSH_HOST", "")  # Empty = local mode
+SSH_USER: str = os.getenv("SSH_USER", "root")
+SSH_KEY: str = os.getenv("SSH_KEY", "")  # Path to SSH private key
+SSH_PORT: int = int(os.getenv("SSH_PORT", "22"))
+REMOTE_MODE: bool = bool(SSH_HOST)
+
 # Validation patterns - compiled once for performance
 DOMAIN_PATTERN = re.compile(
     r'^[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?'