fix(infra): Stalwart installer — repo rename + exact asset; flag 0.16 config break

- install.sh: default repo stalwartlabs/mail-server -> stalwartlabs/stalwart
  (renamed), and select the exact /stalwart-<target>.tar.gz asset excluding the
  foundationdb build (head -n1 could grab the wrong one).
- config.toml: $env{...} -> %{env:...}% (correct Stalwart macro syntax).

KNOWN ISSUE: Stalwart v0.16 removed TOML config (single config.json datastore +
everything else in the DB via CLI/UI), so this config.toml does not load on
0.16.8 ("Failed to parse data store settings"). Needs either a pinned pre-0.16
version or a migration to the v0.16 config model. Binary is installed; the
service is stopped pending that decision.

infrastructure/production/host/stalwart/config.toml

@@ -60,7 +60,7 @@ default = true
 # management API (STALWART_ADMIN_USER/PASSWORD on the platform-api side).
 [authentication]
 fallback-admin.user = "admin"
-fallback-admin.secret = "$env{STALWART_ADMIN_PASSWORD}"
+fallback-admin.secret = "%{env:STALWART_ADMIN_PASSWORD}%"
 
 # ── Resolver ───────────────────────────────────────────────────────────────
 # DNSSEC-aware system resolver. Mail deliverability depends on clean DNS.
@@ -85,7 +85,7 @@ enable = true
 # hostname; HMAC-signed so a public endpoint is safe.
 [webhook."audit-ingest"]
 url = "https://api.dezky.eu/ingest/stalwart/webhook"
-signature-key = "$env{STALWART_WEBHOOK_SECRET}"
+signature-key = "%{env:STALWART_WEBHOOK_SECRET}%"
 events = [
     "auth.success",
     "auth.failure",