Round-6 follow-up: UX polish + client-IP fix

- Client IP: the compose caddy trusts X-Forwarded-For from private-range
  upstreams (trusted_proxies private_ranges), so the real client IP survives
  the host-caddy hop (it was logging the docker caddy hop 172.18.0.x for chat
  moderation and bucketing the gateway per-IP rate limiter on it). Correct and
  spoof-safe in both contours (prod has no host caddy); peerIP unit-tested.
- Ad banner gated off behind a compile-time SHOW_AD_BANNER=false (the if-branch,
  the AdBanner import and banner.ts are tree-shaken out of the prod bundle).
- Landing: the Telegram entry is just the 64px logo (clickable, no button/text).
- TG-fullscreen header: title + menu centred as a pair (hamburger right of the
  title), pinned to the bottom of the TG nav band.
- Edge-swipe back (Screen): a left-edge rightward drag navigates to back
  (touch/pen only, armed from <=24px; skipped inside Telegram).
- Chat soft-keyboard: a bottom-sheet Modal lifted above the keyboard by a
  visualViewport-driven transform (compositor-only, no page/sheet relayout).
  iOS-specific, needs on-device tuning; native resize=none awaits Capacitor.
- Tests: e2e for the in-game '✓ in friends' item and a board→board tile
  relocation; codec units for last_activity_unix + OutgoingRequestList.

Deferred to the next PR (agreed): #4 enrich the your-turn/game-end push; #5 hide
finished games from the lobby.

deploy/caddy/Caddyfile

@@ -8,6 +8,14 @@
 # ACME and the contour is self-contained.
 {
 	admin off
+	# Trust X-Forwarded-For from private-range upstreams so the real client IP survives
+	# (chat moderation + per-IP rate limiting in the gateway). Test contour: the host caddy
+	# (a private IP) is trusted, so its forwarded client IP is preserved. Prod (no host caddy):
+	# clients connect from public IPs, which are NOT trusted, so Caddy uses the real peer —
+	# the same config is correct (and spoof-safe) in both contours (Stage 17).
+	servers {
+		trusted_proxies static private_ranges
+	}
 }
 
 {$CADDY_SITE_ADDRESS::80} {