chore: migrate dev env to Traefik reverse proxy with HTTPS

Replace direct port exposure with Traefik labels for dev.resolutionflow.com
routing. Adds basic auth on frontend, TLS via Let's Encrypt, and updates
Vite allowedHosts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docker-compose.dev.yml

@@ -22,8 +22,6 @@ services:
       context: ./backend
       dockerfile: Dockerfile.dev
     container_name: resolutionflow_backend
-    ports:
-      - "8000:8000"
     volumes:
       - ./backend:/app
     environment:
@@ -43,21 +41,33 @@ services:
     depends_on:
       db:
         condition: service_healthy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.rf-api.rule=Host(`dev.resolutionflow.com`) && PathPrefix(`/api`)"
+      - "traefik.http.routers.rf-api.entrypoints=websecure"
+      - "traefik.http.routers.rf-api.tls.certresolver=letsencrypt"
+      - "traefik.http.services.rf-api.loadbalancer.server.port=8000"
 
   frontend:
     build:
       context: ./frontend
       dockerfile: Dockerfile.dev
     container_name: resolutionflow_frontend
-    ports:
-      - "5173:5173"
     volumes:
       - ./frontend:/app
       - /app/node_modules
     environment:
-      - VITE_API_URL=http://46.202.92.250:8000
+      - VITE_API_URL=https://dev.resolutionflow.com/api
     depends_on:
       - backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.rf-frontend.rule=Host(`dev.resolutionflow.com`)"
+      - "traefik.http.routers.rf-frontend.middlewares=dev-auth"
+      - "traefik.http.middlewares.dev-auth.basicauth.users=chihlasm:$$apr1$$dJXUAZ3Y$$SsJm.K8fOjCeNMe4B70Bi0"
+      - "traefik.http.routers.rf-frontend.entrypoints=websecure"
+      - "traefik.http.routers.rf-frontend.tls.certresolver=letsencrypt"
+      - "traefik.http.services.rf-frontend.loadbalancer.server.port=5173"
 
 volumes:
   rf_postgres_data: