feat(security): expose internal services and DoH to public

- Remove `internalOnly = true` flag from Vaultwarden, Forgejo, and AdGuard Home to make them publicly accessible again.

- This also re-exposes the DNS-over-HTTPS (DoH) endpoint on the AdGuard Home domain.

modules/forgejo.nix

@@ -97,7 +97,6 @@ in
     # Nginx Reverse Proxy
     myModules.nginx.domains."${cfg.domain}" = {
       port = cfg.port;
-      internalOnly = true;
       extraConfig = ''
         client_max_body_size 512M;
       '';