Addition of reverse proxy support to official container #43

Open
rioncm wants to merge 1 commit into h-mdm:master from rioncm:reverse-proxy

@rioncm commented Oct 2, 2025

Summary

Add REVERSE_PROXY mode to run Headwind behind TLS-terminating reverse proxies (Traefik/Nginx).

Behavior

•	Default unchanged.
•	When REVERSE_PROXY=true:
    •	Tomcat runs HTTP-only on 8080 with RemoteIpValve to honor X-Forwarded-Proto/Host/Port.
    •	External URLs in ROOT.xml/init SQL use https.
    •	Certbot/JKS block is skipped.

Rationale

Many users terminate TLS at an ingress/proxy. Current startup fails if PROTOCOL=https (expects certbot files). This PR enables a supported path without breaking existing flows.

Testing

•	Verified default flows (PROTOCOL=http|https).
•	Verified reverse-proxy flow with Traefik (HTTP→HTTPS redirect, TLS at proxy).
•	QR JSON contains https://...; enrollment succeeds.
•	Confirmed full functionality in Kubernetes cluster. Docker and Docker Swarm untested.

Docs

•	Added “REVERSE_PROXY.md” with compose and K8s examples.

Compatibility

•	No breaking changes. Env vars are backward compatible.
•	POSIX sh compatible (no bashisms).
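
The HTTP-only connector and RemoteIpValve setup described in this PR, sketched as a Tomcat server.xml fragment. This is an added example, not code from the PR or from the Headwind MDM container; the proxy address `10.0.0.5` is a constructed placeholder, and the `hostHeader`/`changeLocalName` attributes assume a Tomcat release that supports them.

```xml
<!-- Added example (not from the PR): Tomcat behind a TLS-terminating proxy. -->
<Service name="Catalina">
  <!-- Plain HTTP on 8080; TLS is terminated at Traefik/Nginx. -->
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
      <!-- RemoteIpValve rewrites scheme, host, port and client IP from the
           X-Forwarded-* headers only when the TCP peer matches
           internalProxies (or trustedProxies).
           The built-in default for internalProxies matches every RFC 1918
           range plus loopback, so on a pod or overlay network any neighbour
           could present these headers. Narrow it to the proxy itself.
           10.0.0.5 is a constructed placeholder for the proxy's address. -->
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="10\.0\.0\.5"
             remoteIpHeader="X-Forwarded-For"
             protocolHeader="X-Forwarded-Proto"
             protocolHeaderHttpsValue="https"
             hostHeader="X-Forwarded-Host"
             changeLocalName="true"
             portHeader="X-Forwarded-Port"
             changeLocalPort="true" />
    </Host>
  </Engine>
</Service>
```

Where the proxy's address is not fixed, as with an ingress controller pod, match only the proxy's subnet in `internalProxies` and make port 8080 reachable from the proxy alone.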

@GiorgioPortalVBR

This PR would be a great boon. ATM, I run all my infrastructure behind a reverse proxy that handles TLS, and h-mdm not being able to be put behind a reverse proxy is pretty bothersome.
