mautrix-bluesky: expose bridge HTTP API (for mautrix-manager and similar)

Route the whole mautrix-bluesky HTTP port via Traefik under
`<matrix-fqn>/bridges/bluesky` and populate the existing
appservice.public_address, reusing the matrix_bridges_exposure_*
mechanism. The provisioning shared secret is already auto-generated in
group_vars, so the provisioning API is enabled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

group_vars/matrix_servers

@@ -1471,6 +1471,11 @@ matrix_mautrix_bluesky_metrics_proxying_enabled: "{{ matrix_mautrix_bluesky_metr
 matrix_mautrix_bluesky_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
 matrix_mautrix_bluesky_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/mautrix-bluesky"
 
+matrix_mautrix_bluesky_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
+matrix_mautrix_bluesky_exposure_enabled: "{{ matrix_bridges_exposure_enabled }}"
+matrix_mautrix_bluesky_exposure_hostname: "{{ matrix_bridges_exposure_hostname }}"
+matrix_mautrix_bluesky_exposure_path_prefix: "{{ matrix_bridges_exposure_path_prefix }}/bluesky"
+
 matrix_mautrix_bluesky_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
 matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_key + ':mau.twt.db') | hash('sha512') | to_uuid if postgres_enabled else '' }}"