Fix Docker deployment and add Tailscale Funnel support

- Fix argon2 native module build in Docker (add build-essential, python3)
- Switch Docker base image from Alpine to Debian-slim for OpenSSL compatibility
- Fix session cookies for HTTP access (COOKIE_SECURE env var)
- Fix TypeScript type errors in sync routes and middleware
- Fix CSS circular dependency in globals.css
- Fix Map iteration in rate-limit cleanup
- Add createdAt field to LocalNote interface
- Configure Tailscale Funnel on port 10000
- Update NEXT_PUBLIC_APP_URL for public funnel access
- Add initial Prisma migration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 services:
   app:
     build:
@@ -8,11 +6,11 @@ services:
     container_name: nextstep-app
     restart: unless-stopped
     ports:
-      - "127.0.0.1:3000:3000"  # Bind to localhost only for Tailscale Funnel
+      - "4678:3000"  # Bind to all interfaces for Tailscale access
     environment:
       - DATABASE_URL=postgresql://nextstep:${DB_PASSWORD:-nextstep}@db:5432/nextstep?schema=public
       - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
-      - NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL:-http://localhost:3000}
+      - NEXT_PUBLIC_APP_URL=https://debianvm.kangaroo-eel.ts.net:10000
       - TZ=Australia/Perth
       - NODE_ENV=production
     depends_on:
@@ -48,7 +46,7 @@ services:
       retries: 5
       start_period: 10s
     # Do not expose PostgreSQL to the host - only accessible within the network
-    # If you need direct access, uncomment below:
+    # If you need direct access for migrations, uncomment below:
     # ports:
     #   - "127.0.0.1:5432:5432"