chore(ansible): centralize third-party Docker image versions

Add centralized image version variables in group_vars/all/vars.yml for
vulnerability tracking and controlled upgrades of third-party Docker
images (casdoor, flower, grafana-mcp, gitea-mcp, neo4j, memcached,
nginx, oauth2-proxy, rabbitmq, searxng).

Update vault.yml accordingly.

ansible/inventory/group_vars/all/vars.yml

@@ -42,6 +42,21 @@ searxng_oauth2_proxy_version: 7.6.0
 # Git ref (branch, tag, or commit) - https://github.com/heluca/freecad-addon-robust-mcp-server
 freecad_mcp_git_ref: "main"
 
+# Docker image versions (third-party)
+# Centralized for vulnerability tracking and controlled upgrades
+casdoor_image_version: "3.0.1"
+flower_image_version: "latest"
+grafana_mcp_image_version: "latest"
+gitea_mcp_image_version: latest
+neo4j_image_version: community-trixie
+neo4j_mcp_image_version: "latest"
+memcached_image_version: "1.6-trixie"
+nginx_image_version: "1.27-bookworm"
+nginx_exporter_image_version: "1.4"
+oauth2_proxy_image_version: "v7.6.0"
+rabbitmq_image_version: "3-management-alpine"
+searxng_image_version: "latest"
+
 # MCP URLs
 argos_mcp_url: http://miranda.incus:25534/mcp
 angelia_mcp_url: https://ouranos.helu.ca/mcp/