outline: split to iron-kr-nowaf pull zone, restore iron-kr WAF rules

Created new Bunny pull zone iron-kr-nowaf (ID 5720695) without Shield to
host outline.inouter.com exclusively. Uploaded *.inouter.com wildcard cert
from cert-manager since Bunny LE auto-provision kept returning invalid.
Restored 7 CRS rules (942100,932230/235/260/370/380,933160) on iron-kr
Shield so vault/n8n/telegram-webhook/jarvis regain protection.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

infra/platform/outline.md

@@ -24,9 +24,9 @@ Outline은 팀 위키/문서 관리 플랫폼. K3s 클러스터에 배포.
 | Redis | outline-redis (outline 네임스페이스 내 전용) |
 | 파일 저장소 | 로컬 (Longhorn PVC 5Gi, `/var/lib/outline/data`) |
 | TLS (Traefik) | wildcard-inouter-tls (*.inouter.com) |
-| TLS (CDN) | Let's Encrypt via BunnyCDN |
-| CDN | BunnyCDN iron-kr 존 (ID 5555227, 쿠키 허용) |
-| DNS | outline.inouter.com CNAME → iron-kr.b-cdn.net (Cloudflare, proxied OFF) |
+| TLS (CDN) | *.inouter.com wildcard (cert-manager, GTS WR1 발급) 수동 업로드 |
+| CDN | BunnyCDN **iron-kr-nowaf** 존 (ID 5720695, WAF 없음, 쿠키 허용) — 2026-04-21 iron-kr에서 분리 이전 |
+| DNS | outline.inouter.com CNAME → iron-kr-nowaf.b-cdn.net (Cloudflare, proxied OFF) |
 | Ingress | Traefik IngressRoute (CRD) |
 
 ## 인증 (Gitea OAuth2)