fix: WebAuthn .well-known routing and cross-origin passkey support

Add Traefik priority=200 and service assignment to encryptid-wellknown
router so it wins over canvas-website/personal-site for the
/.well-known/webauthn path on jeffemmett.com. Add missing origins
(rpubs.online, shop.mycofi.earth, canvas/press/cart.jeffemmett.com)
to the allowed origins list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docker-compose.encryptid.yml

@@ -28,9 +28,11 @@ services:
       - "traefik.http.routers.encryptid.rule=Host(`encryptid.jeffemmett.com`)"
       - "traefik.http.routers.encryptid.entrypoints=web"
       - "traefik.http.services.encryptid.loadbalancer.server.port=3000"
-      # Also serve from root domain for .well-known
+      # Also serve from root domain for .well-known (WebAuthn Related Origins)
       - "traefik.http.routers.encryptid-wellknown.rule=Host(`jeffemmett.com`) && PathPrefix(`/.well-known/webauthn`)"
       - "traefik.http.routers.encryptid-wellknown.entrypoints=web"
+      - "traefik.http.routers.encryptid-wellknown.priority=200"
+      - "traefik.http.routers.encryptid-wellknown.service=encryptid"
     networks:
       - traefik-public
       - encryptid-internal

src/encryptid/server.ts

@@ -80,6 +80,12 @@ const CONFIG = {
     'https://rcart.online',
     'https://rtube.online',
     'https://rstack.online',
+    'https://rpubs.online',
+    'https://shop.mycofi.earth',
+    'https://canvas.jeffemmett.com',
+    'https://press.jeffemmett.com',
+    'https://cart.jeffemmett.com',
+    'https://cart.mycofi.earth',
     'http://localhost:3000',
     'http://localhost:5173',
   ],