• Close Integrate bitwarden lite as cc #7449

Adds the official Bitwarden unified self-hosted container ("Bitwarden Lite") as a community container, with automatic bw.$NC_DOMAIN subdomain support via aio-caddy, fail2ban coverage, and mutual-exclusivity notes with vaultwarden (both use the same subdomain).

New container: bitwarden-lite

• Image: ghcr.io/bitwarden/self-host:latest
• Port: 8813 (overrides default 8080 via ASPNETCORE_HTTP_PORTS=8813 to avoid conflict with AIO's admin panel)
• Domain configured via globalSettings__baseServiceUri__vault=https://bw.%NC_DOMAIN%
• Persistent data in /etc/bitwarden, included in AIO backups
• Admin panel at /admin requires SMTP (email OTP — unlike vaultwarden's static token)

aio-caddy

• Updated description and notes to reflect that bw.$NC_DOMAIN covers either vaultwarden or bitwarden-lite (mutually exclusive alternatives)
• Added DNS setup note for bitwarden-lite

aio-fail2ban

• Mounts nextcloud_aio_bitwarden_lite volume at /bitwarden-lite (read-only) for log-based banning

Incompatibility notices

• bitwarden-lite/readme.md: warns that vaultwarden and bitwarden-lite cannot be enabled simultaneously
• vaultwarden/readme.md: symmetric warning added pointing to bitwarden-lite