Add auto-deployment infrastructure for all 4 LXCs

- Per-LXC deploy scripts (lxc151-hookshot, lxc106-cinny, lxc139-landing, lxc110-draupnir)
- Per-LXC webhook hook configs with unique HMAC-SHA256 secrets
- Livekit graceful restart script + systemd timer (waits for zero active calls)
- Fix hookshot/deploy.sh capitalization bug (Uptime-Kuma, Tinker-Tickets, etc.)

Each LXC independently clones repo and runs its own deploy.sh via adnanh/webhook on port 9000.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

deploy/livekit-graceful-restart.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# Checks every 5 minutes if a livekit restart is pending.
+# Only restarts when there are no active WebSocket connections on port 7881
+# (established connections = active call participants).
+# Run by: livekit-graceful-restart.timer (systemd)
+
+if [ ! -f /run/livekit-restart-pending ]; then
+    exit 0
+fi
+
+# Count established WebSocket signaling connections on livekit port 7881
+ACTIVE=$(ss -tn state established '( dport = :7881 or sport = :7881 )' | grep -c ESTAB || true)
+
+if [ "$ACTIVE" -gt 0 ]; then
+    echo "$(date): Livekit restart pending but $ACTIVE active connection(s) — waiting."
+    exit 0
+fi
+
+echo "$(date): No active calls — applying livekit-server restart."
+systemctl restart livekit-server
+rm -f /run/livekit-restart-pending
+echo "$(date): livekit-server restarted successfully."