chore(ansible): centralize third-party Docker image versions

Add centralized image version variables in group_vars/all/vars.yml for
vulnerability tracking and controlled upgrades of third-party Docker
images (casdoor, flower, grafana-mcp, gitea-mcp, neo4j, memcached,
nginx, oauth2-proxy, rabbitmq, searxng).

Update vault.yml accordingly.

ansible/inventory/host_vars/ariel.incus.yml

@@ -12,8 +12,6 @@ alloy_log_level: "warn"
 neo4j_syslog_port: 22011
 
 # Neo4j
-neo4j_rel: master
-neo4j_version: "5.26.0"
 neo4j_user: neo4j
 neo4j_group: neo4j
 neo4j_directory: /srv/neo4j

ansible/inventory/host_vars/umbriel.incus.yml

@@ -0,0 +1,26 @@
+---
+# Umbriel Configuration - Graph Database Host (Mnemosyne)
+# Services: alloy, docker, neo4j
+#
+# Dedicated Neo4j instance for Mnemosyne. Do not share with Spelunker or any
+# other graph workload — Mnemosyne owns its Library/Collection/Item/Chunk/
+# Concept labels and runs its own indexes and schema migrations.
+
+services:
+  - alloy
+  - docker
+  - neo4j
+
+# Alloy
+alloy_log_level: "warn"
+neo4j_syslog_port: 22012
+
+# Neo4j
+neo4j_user: neo4j
+neo4j_group: neo4j
+neo4j_directory: /srv/neo4j
+neo4j_auth_user: neo4j
+neo4j_auth_password: "{{ vault_mnemosyne_neo4j_auth_password }}"
+neo4j_http_port: 25555
+neo4j_bolt_port: 7687
+neo4j_apoc_unrestricted: "apoc.*"