feat(infra): migrate Stalwart to the v0.16 config model (config.json)

v0.16 dropped TOML config. The host service now boots from a tiny config.json
that describes only the datastore (RocksDB); all other settings live in the DB
(web UI / stalwart-cli / platform-api JMAP).

- add stalwart/config.json (RocksDb datastore at /opt/stalwart/data)
- install.sh: install config.json instead of config.toml
- stalwart-mail.service: --config points at config.json
- README: document the v0.16 model + remaining DB-side config + DNS/PTR

Verified: Stalwart 0.16.8 runs on node1 with default mail listeners + the :8080
management server. config.toml retained as a reference for the DB settings.
Ronni Baslund
2026-06-08 21:02:17 +02:00
parent 149eb0b020
commit 9d075343c5
4 changed files with 32 additions and 5 deletions
@@ -225,3 +225,21 @@ cert-manager + `ClusterIssuer`, ingress, the data tier (Postgres/Mongo/Redis),
Authentik, OCIS + Collabora, and portal + platform-api — plus the
`mail/mail-tls` cert and the DB-dump CronJobs this layer's `cert-sync` and
backups depend on.
## Stalwart v0.16 — config model change (IMPORTANT)
v0.16 **removed TOML configuration**. The host service now boots from
`stalwart/config.json` — a tiny file describing ONLY the datastore (RocksDB at
`/opt/stalwart/data`). Every other setting (listeners, authentication, TLS,
domains, DKIM, spam, webhooks) is stored in the DB and managed via the web admin
UI, `stalwart-cli`, or platform-api over JMAP. `stalwart/config.toml` is kept as
a reference for the settings to recreate in the DB; it is NOT loaded by v0.16.
**Status (node1):** Stalwart 0.16.8 installed + running with default listeners
(25/465/587/143/993/4190 + management on `:8080`). Still to configure (DB-side):
- Fallback admin password (so platform-api can authenticate) + the audit webhook.
- TLS for `mail.dezky.eu` — Stalwart's own ACME, or rework `cert-sync.sh` to feed
the cert-manager cert into the v0.16 DB cert model.
- Domains / DKIM — provisioned by platform-api over JMAP.
Then publish DNS (MX, SPF, DKIM, DMARC) and set the **PTR/rDNS**`mail.dezky.eu`.
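Review bot: The **Status (node1)** paragraph records the management server on `:8080` as running with the default listeners while the first to-do item shows the fallback admin password is still to be configured, so the README should say how `:8080` is restricted in the meantime (for example bound to loopback or firewalled to the admin network) and who is allowed to reach it afterwards. The closing line has lost a word between the bold text and the hostname: "set the **PTR/rDNS**`mail.dezky.eu`" should read something like "set the **PTR/rDNS** to `mail.dezky.eu`". Because `stalwart/config.toml` stays in the tree purely as a reference, it would also help to note here that it must not carry live secrets, and to record which of the listed DB-side settings have already been recreated so the reference does not drift from the running state.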