fulfillr-dev: staging back-office container + Turso store prep

Add a second go-fulfillr container (fulfillr-dev) wired to the staging
Turso store + EasyPost/Stripe test keys via dev.json, served at
fulfillr-dev.debyltech.com (Caddy -> :9055), LAN-restricted like prod.

- fulfillr-dev.yml + dev.json.j2: the staging container, volumes, config
- defaults: fulfillr_dev_* vars; prod store URL stubbed off until cutover
- Caddyfile + caddy.yml: fulfillr-dev site block and static mount
- awsddns.yml: Route53 DDNS for the fulfillr-dev hostname
- production.json.j2: add store_database_url/store_auth, rename stripe key
  var to fulfillr_stripe_api_key
- vault.yml: dev + store/stripe secrets

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

ansible/roles/podman/tasks/containers/base/caddy.yml

@@ -25,6 +25,7 @@
 # Legacy volume mounts removed - Caddy manages certificates automatically
       # Mount static site directories
       - "/usr/local/share/fulfillr-site:/usr/local/share/fulfillr-site:ro"
+      - "/usr/local/share/fulfillr-site-dev:/usr/local/share/fulfillr-site-dev:ro"
       - "/usr/local/share/test-site:/srv/test-site:ro"
     env:
       CADDY_ADMIN: "0.0.0.0:2019"