Fix HA cluster join via Load Balancer private IP

Changes:
- Use LB private IP (10.0.1.5) instead of public IP for cluster joins
- Add LB private IP to k3s TLS SANs on primary control plane
- This allows secondary CPs and workers to verify certificates when joining via LB

Fixes x509 certificate validation error when joining via LB public IP.

terraform/outputs.tf

@@ -65,6 +65,6 @@ output "kubeconfig_command" {
 }
 
 output "kube_api_lb_ip" {
-  description = "Load Balancer IP for Kubernetes API"
-  value       = hcloud_load_balancer.kube_api.ipv4
+  description = "Load Balancer private IP for Kubernetes API (used for cluster joins)"
+  value       = hcloud_load_balancer_network.kube_api.ip
 }