…consistency

Follows the same naming convention as the official Keycloak environment variables, beginning with 'KC' prefix.

BREAKING CHANGE: Rename environment variable KEYCLOAK_ADMIN to KC_DOMAIN.

When Docker is running in rootless mode DOCKER_SOCKET_PATH needs to be changed to "/run/user/1000/docker.sock".

When Keycloak container is restarted this line will produce an error in logs which is harmless, but unnecessary.

The `postgres` user is already defined in the [official image](https://github.com/docker-library/postgres/blob/39623ba5d20db58a25c3010896baaf54b9aa6b6d/17/alpine3.23/Dockerfile).

Added healthchecks for all services (`collabora` already had one):
* `collaboration`
* `keycloak`
* `ldap-manager`
* `ldap-server`
* `opencloud`
* `postgres`
* `radicale`
* `tika`
* `traefik`

Keycloak and Tika probes use `/dev/tcp/` to send a GET request because `curl` / `wget` are not available in the image.

`opencloud` healthcheck could alternatively use `wget or `/dev/tcp` via `bash`; keeping all three approaches is unnecessary.
Add frontend login-route healthcheck for `ldap-manager`, because the base image [dunglas/frankenphp:php8.4-alpine](https://github.com/php/frankenphp/blob/ddb11c1f72f5765d4eacae200ba5b1b8267b4dbe/Dockerfile) comes with backend-only healthcheck.

NOTE: `/dev/tcp` is the leanest and least-bloated approach for healthchecking because it requires only a `bash` shell and no extra binaries, so it avoids increasing image size.