Add fail2ban dev test environment (Stage 0)

- Add bangui-sim filter (filter.d/bangui-sim.conf) matching the
  simulated authentication failure log format
- Add bangui-sim jail (jail.d/bangui-sim.conf) with maxretry=3,
  bantime=60s, findtime=120s, ignoreip safeguard, polling backend
- Mount Docker/logs/ into fail2ban container at /remotelogs/bangui
  in compose.debug.yml
- Add simulate_failed_logins.sh to write synthetic failure lines
- Add check_ban_status.sh with optional --unban flag
- Add dev-ban-test Makefile target for one-command smoke testing
- Write Docker/fail2ban-dev-config/README.md with setup and
  troubleshooting docs
- Update .gitignore to track custom config files while still
  excluding auto-generated linuxserver fail2ban files

Docker/fail2ban-dev-config/fail2ban/jail.d/bangui-sim.conf

@@ -0,0 +1,20 @@
+# ──────────────────────────────────────────────────────────────
+#  BanGUI — Simulated authentication failure jail
+#
+#  Watches Docker/logs/auth.log (mounted at /remotelogs/bangui)
+#  for lines produced by Docker/simulate_failed_logins.sh.
+# ──────────────────────────────────────────────────────────────
+
+[bangui-sim]
+
+enabled    = true
+filter     = bangui-sim
+logpath    = /remotelogs/bangui/auth.log
+backend    = polling
+maxretry   = 3
+findtime   = 120
+bantime    = 60
+banaction  = iptables-allports
+
+# Never ban localhost, the Docker bridge network, or the host machine.
+ignoreip   = 127.0.0.0/8 ::1 172.16.0.0/12