feat: Move cluster services to wild-directory as unified packages

Convert all 15 cluster services from embedded API format to
wild-directory packages using the unified manifest format:
- metallb, traefik, cert-manager, longhorn, snapshot-controller
- nfs, smtp, coredns, node-feature-discovery, nvidia-device-plugin
- externaldns, docker-registry, headlamp, crowdsec, utils

Changes:
- wild-manifest.yaml → manifest.yaml with is, defaultConfig, requires
- Eliminated configReferences and serviceConfig fields
- Flattened kustomize.template/ to package root
- Template vars use flat defaultConfig keys
- install.sh paths updated for apps/ layout
- Updated 9 app manifests: cloud.smtp.* → apps.smtp.* with requires
- Removed dead install: true field from 6 app manifests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

coredns/coredns-custom-config.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-custom
+  namespace: kube-system
+data:
+  # Custom server block for internal domains. All internal domains should
+  # resolve to the cluster proxy.
+  internal.server: |
+    {{ .internalDomain }} {
+      errors
+      cache 30
+      reload
+      template IN A {
+        match (.*)\.{{ .internalDomain | strings.ReplaceAll "." "\\." }}\.
+        answer "{{`{{ .Name }}`}} 60 IN A {{ .loadBalancerIp }}"
+      }
+      template IN AAAA {
+        match (.*)\.{{ .internalDomain | strings.ReplaceAll "." "\\." }}\.
+        rcode NXDOMAIN
+      }
+    }
+  # Custom override to set external resolvers.
+  external.override: |
+    forward . {{ .externalResolver }} {
+      max_concurrent 1000
+    }