Harden posture/borg audit scripts (robustness + coverage)

Working-tree improvements to the audit scripts (authored locally, not by me;
reviewed for correctness + bash -n clean before commit):

- compose-runtime-drift: prefer `docker compose config` for the expected image
  with a raw-parse fallback; raw parser now resolves YAML anchors (*alias) so
  anchor-based composes (e.g. dawarich) no longer mis-report drift.
- komodo-stack-hygiene: treat an unreachable Komodo API as critical and exit 3
  so the Healthchecks EXIT trap sends /fail (the monitor itself is down, not
  "all green"); git fetch before hash-drift compare; clearer "cannot compare"
  message; pin in-container km host to localhost:9120.
- cert-token-check: expand monitored cert domains to the full set incl.
  hc.kaleschke.info.
- gitea-bundle-mirror: skip empty repos without refs instead of failing.
- unraid-user-scripts.md: document SEND_NTFY/NTFY_TOPIC for the daily report.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 11:35:55 +02:00
parent 036eba99a8
commit ad9bb40b95
5 changed files with 145 additions and 14 deletions
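
The komodo-stack-hygiene item in the commit message describes a fail-closed monitor: an unreachable API must exit non-zero so the EXIT trap pings `/fail`. The following is an added example, not the repository's script, showing the fail-open behaviour beside the fail-closed one. `HC_URL`, `FETCH`, `fetch_stacks`, the `name state` line format, the placeholder path and the `--run` switch are assumptions.

```bash
#!/bin/bash
# Added example, not the repository's script. All names here are assumptions.
HC_URL="${HC_URL:-https://hc.example.invalid/ping/UUID-PLACEHOLDER}"
API_URL="${API_URL:-http://localhost:9120}"   # host:port as named in the commit message
FETCH="${FETCH:-fetch_stacks}"                # command that prints "name state" lines

# Hypothetical stand-in for the real API query; non-zero exit = API unreachable.
fetch_stacks() { curl -fsS -m 5 "$API_URL/placeholder-stack-list"; }

# Fail-open: an unreachable API yields no lines, so zero findings, so "green".
audit_fail_open() {
  bad=$("$FETCH" 2>/dev/null | grep -vc ' ok$' || true)
  [ "$bad" -eq 0 ]
}

# Fail-closed: 0 = clean, 1 = findings, 3 = the monitor itself could not run.
audit_fail_closed() {
  if ! out=$("$FETCH" 2>/dev/null); then
    echo "CRITICAL: cannot reach $API_URL, audit not performed" >&2
    return 3
  fi
  bad=$(printf '%s' "$out" | grep -vc ' ok$' || true)
  [ "$bad" -eq 0 ] || return 1
}

# Healthchecks ping URL for a given exit status: success ping or /fail.
hc_ping_url() {
  if [ "$1" -eq 0 ]; then printf '%s' "$HC_URL"; else printf '%s/fail' "$HC_URL"; fi
}

main() {
  # The EXIT trap reports whatever status the script ends with.
  trap 'curl -fsS -m 10 -o /dev/null "$(hc_ping_url "$?")"' EXIT
  audit_fail_closed
  exit $?
}

# Only run the audit (and the network ping) when asked to explicitly.
if [ "${1:-}" = "--run" ]; then main; fi
```
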
@@ -93,6 +93,8 @@ User Script:
```bash
#!/bin/bash
SEND_MAIL=1 \
SEND_NTFY=1 \
NTFY_TOPIC="homelab-info" \
MAIL_MODE=always \
INCLUDE_WEATHER_REPORT=1 \
MAIL_FROM="michideheld@gmx.de" \
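
Review bot: `NTFY_TOPIC="homelab-info"` in the documented user script is a short, guessable topic name, and the visible lines do not say which ntfy server the report is published to or whether it requires authentication. On an ntfy server without access control, anyone who knows the topic name can subscribe and read the daily report, so the example should use a placeholder topic and the surrounding text should state the server and auth expectation. It would also help to document what the script does when `SEND_NTFY=1` is set but `NTFY_TOPIC` is empty, and to replace the real sender address in `MAIL_FROM` with a placeholder in the docs.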