refactor: Network Services rebuilt, DHCP decommissioned, infra cleanup

Network Services page is rebuilt around real API data: GET /api/dns/overview
returns provider-aware records; per-service Cloudflare sync is exposed via
POST /api/ddns/sync; effective domain is displayed so operators can verify
what external name resolves to the cell; NTP status reflects the actual
systemd-timesyncd state rather than a hardcoded boolean.

DHCP is fully decommissioned: the cell-dhcp container is removed from
docker-compose.yml, DHCP methods are stripped from network_manager, the
setup_cell script no longer seeds DHCP config, and the Settings DHCP field
is gone. DHCP was never a PIC responsibility and the container was consuming
resources for no benefit.

Dead code removed: api/config.py (superseded by config_manager), the
standalone Email/Calendar/Files pages (these are now optional store services
and do not need dedicated pages). api/constants.py is introduced to hold
RESERVED_SUBDOMAINS in one place rather than scattered literals.

Docker resource limits (mem_limit, cpus, pids_limit) are added to all
compose services so a runaway process cannot starve the host.

Makefile gains a warning before the backup target so operators are not
surprised by the archive path. Settings same/accept state fix ensures
the Cell Identity section correctly shows the accept/discard banner and
does not flash a false-positive change indicator on first load.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Makefile

@@ -254,6 +254,11 @@ backup:
 		config/ data/ docker-compose.yml Makefile README.md
 	@sudo chown $$(id -u):$$(id -g) backups/cell-backup-*.tar.gz
 	@echo "Backup created in backups/."
+	@echo ""
+	@echo "WARNING: data volumes of installed store services (email, calendar,"
+	@echo "files, ...) are NOT included in this archive. They are only captured"
+	@echo "by API-driven backups (POST /api/config/backup), which dump each"
+	@echo "service's volumes via ConfigManager._backup_service_volumes."
 
 restore:
 	@echo "Available backups:"