feat(security): add nginx http-to-https redirect config

native_crumbcore_v1/nginx/crumbforest-redirect.conf

@@ -0,0 +1,13 @@
+# Crumbforest HTTP -> HTTPS Redirect
+# Purpose: Harden security by forcing all traffic to encrypted channels.
+# Usage: Include this in /etc/nginx/sites-available/crumbforest (or replace the port 80 block)
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name crumbforest.194-164-194-191.sslip.io 194.164.194.191;
+
+    # Force HTTPS
+    # This mitigates brute-force on plain HTTP and ensures encryption.
+    return 301 https://$host$request_uri;
+}