chore(geocoding): remove Pelias + close 3 bypass paths to public Nominatim

Pelias was retired from the Mac mini on 2026-04-28; photon-self
(self-hosted Photon on mana-gpu) has been the live primary since then.
This removes the now-dead Pelias adapter, config, tests, and the
services/mana-geocoding/pelias/ stack — the entire compose file, the
geojsonify_place_details.js patch, the setup.sh import script.

Provider chain is now `photon-self → photon → nominatim`. The chain
keeps its `privacy: 'local' | 'public'` split, sensitive-query
blocking, coord quantization, and aggressive caching unchanged.

Three direct calls to nominatim.openstreetmap.org that bypassed
mana-geocoding now route through the wrapper:

- citycorners/add-city + citycorners/cities/[slug]/add use the shared
  searchAddress() client (browser → same-origin proxy → mana-geocoding
  → photon-self).
- memoro mobile drops its OSM reverse-geocoding fallback entirely;
  Expo's on-device reverse-geocoding stays as the sole path. Routing
  through the wrapper would require a memoro-server proxy endpoint —
  a follow-up if Expo's quality proves insufficient.

Other behavioral changes:

- CACHE_PUBLIC_TTL_MS dropped from 7d → 1h. The long TTL was a
  privacy-amplification trick from the Pelias era; with photon-self
  serving the bulk of traffic, a transient cross-LAN blip was pinning
  cached fallback answers for days. 1h gives quick recovery.
- /health/pelias renamed to /health/photon-self; prometheus blackbox
  config + status-page generator updated.
- mana-geocoding container no longer needs `extra_hosts:
  host.docker.internal:host-gateway` (was only there for the
  Pelias-on-host-network era).

113 tests passing. CLAUDE.md rewritten to reflect the post-Pelias
architecture.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker-compose.macmini.yml

@@ -491,10 +491,9 @@ services:
       - "traefik.http.services.mana-events.loadbalancer.server.port=3065"
 
   # ─── Geocoding ───────────────────────────────────────────
-  # Thin Hono wrapper in front of a self-hosted Pelias stack.
-  # Pelias itself (elasticsearch + api + libpostal) runs from a separate
-  # compose file in services/mana-geocoding/pelias/ — see
-  # services/mana-geocoding/CLAUDE.md for the initial import procedure.
+  # Thin Hono wrapper in front of self-hosted Photon (mana-gpu) with
+  # public photon.komoot.io and Nominatim as last-resort fallbacks.
+  # See services/mana-geocoding/CLAUDE.md for provider-chain details.
   # Internal-only: no traefik labels, not exposed via Cloudflare.
   mana-geocoding:
     build:
@@ -504,14 +503,9 @@ services:
     container_name: mana-geocoding
     restart: always
     mem_limit: 128m
-    # Pelias runs on host network via its own compose, so the wrapper
-    # reaches it via host.docker.internal (Pelias API at :4000).
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
     environment:
       TZ: Europe/Berlin
       PORT: 3018
-      PELIAS_API_URL: http://host.docker.internal:4000/v1
       # Self-hosted Photon on mana-gpu (cross-LAN). When set, registers
       # as `photon-self` provider with privacy: 'local' — eligible for
       # sensitive queries. Empty value = slot disabled.