feat: Expose Grafana, Prometheus, and Flux UI via Tailscale LoadBalancer services

Replace Ansible port-forwarding + tailscale serve with direct Tailscale LB
services matching the existing Rancher pattern. Each service gets its own
tailnet hostname (grafana/prometheus/flux.silverside-gopher.ts.net).

ansible/site.yml

@@ -109,18 +109,6 @@
     - role: observability-content
       when: not (observability_gitops_enabled | default(true) | bool)
 
-- name: Configure private tailnet access
-  hosts: control_plane[0]
-  become: true
-  vars:
-    private_access_grafana_port: 30080
-    private_access_prometheus_port: 30990
-    private_access_flux_port: 30901
-    private_access_rancher_port: 9442
-
-  roles:
-    - private-access
-
 - name: Bootstrap Doppler access for External Secrets
   hosts: control_plane[0]
   become: true