fix(security): remove MySQL and Redis port exposure to host

MySQL (3306) and Redis (6379) were published to all host interfaces
despite only being accessed by the admin container via Docker's internal
network. Redis has no authentication, so anyone on the LAN could connect.

Removes the port mappings — containers still communicate internally via
Docker service names.

Closes #279

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: 2 people

install/management_compose.yaml

@@ -57,8 +57,6 @@ services:
     image: mysql:8.0
     container_name: nomad_mysql
     restart: unless-stopped
-    ports:
-      - "3306:3306"
     environment:
       - MYSQL_ROOT_PASSWORD=replaceme
       - MYSQL_DATABASE=nomad
@@ -75,8 +73,6 @@ services:
     image: redis:7-alpine
     container_name: nomad_redis
     restart: unless-stopped
-    ports:
-      - "6379:6379"
     volumes:
       - /opt/project-nomad/redis:/data
     healthcheck: