infrastructure: drop Traefik/env template churn, keep only UDP port mapping

Reverts the heavier deployment-template additions from the previous
follow-up commit. Keeping just the one new line in docker-compose.yml.tmpl
that publishes UDP on the relay port — the Traefik variant, the
RELAY_LE_VOLUMESUFFIX env plumbing, and the inline ALPN-mux explainer
block all go back. Operator guidance for opening UDP/443 lives in the
self-hosting docs alongside the existing TCP/443 instructions.

infrastructure_files/base.setup.env

@@ -47,10 +47,6 @@ VOLUME_PREFIX="netbird-"
 MGMT_VOLUMESUFFIX="mgmt"
 SIGNAL_VOLUMESUFFIX="signal"
 LETSENCRYPT_VOLUMESUFFIX="letsencrypt"
-# Dedicated Let's Encrypt store for the relay. Required only by the Traefik
-# deployment, where the relay runs its own ACME client to terminate TLS on
-# UDP/443 for WebTransport + raw QUIC (Traefik can't proxy WebTransport).
-RELAY_LE_VOLUMESUFFIX="relay-letsencrypt"
 
 NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
 NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=${NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE:-$NETBIRD_AUTH_AUDIENCE}
@@ -115,7 +111,6 @@ export VOLUME_PREFIX
 export MGMT_VOLUMESUFFIX
 export SIGNAL_VOLUMESUFFIX
 export LETSENCRYPT_VOLUMESUFFIX
-export RELAY_LE_VOLUMESUFFIX
 export NETBIRD_DISABLE_ANONYMOUS_METRICS
 export NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN
 export NETBIRD_MGMT_DNS_DOMAIN