refactor: reorganize fluent-bit and geoip out of containers

- Move fluent-bit to common role (systemd service, not a container)
- Move geoip to podman/tasks/data/ (data prep, not a container)
- Remove debyltech tag from geoip (not a debyltech service)
- Fix check_mode for fetch subuid task to enable dry-run mode

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

ansible/roles/common/templates/fluent-bit/parsers.conf.j2

@@ -0,0 +1,24 @@
+[PARSER]
+    Name        caddy_json
+    Format      json
+    Time_Key    ts
+    Time_Format %s.%L
+
+# Generic JSON parser for nested message fields
+[PARSER]
+    Name        json
+    Format      json
+
+# Parse ZOMBOID_CONN firewall logs to extract source IP
+# Example: ZOMBOID_CONN: IN=enp0s31f6 OUT= MAC=... SRC=45.5.113.90 DST=192.168.1.10 ...
+[PARSER]
+    Name        zomboid_firewall
+    Format      regex
+    Regex       ZOMBOID_CONN:.*SRC=(?<src_ip>[0-9.]+).*DST=(?<dst_ip>[0-9.]+).*DPT=(?<dst_port>[0-9]+)
+
+# Parse ZOMBOID_RATELIMIT firewall logs to extract source IP
+# Example: ZOMBOID_RATELIMIT: IN=enp0s31f6 OUT= MAC=... SRC=45.5.113.90 DST=192.168.1.10 ...
+[PARSER]
+    Name        zomboid_ratelimit
+    Format      regex
+    Regex       ZOMBOID_RATELIMIT:.*SRC=(?<src_ip>[0-9.]+).*DST=(?<dst_ip>[0-9.]+).*DPT=(?<dst_port>[0-9]+)