manifests: revert filebrowser v2.63.13 -> v2-alpine (PVC permission issue)

The previous PR pinned `filebrowser/filebrowser:v2-alpine` to v2.63.13
but it crashlooped on:

  Error: open /database/filebrowser.db: permission denied

The v2.63.13 image (debian-based default) runs as a non-root UID and
can't write to files on the PVC that were created by the v2-alpine
image (which ran as root). No `v2.63.13-alpine` tag exists upstream
(filebrowser stopped publishing per-version alpine variants), so we
can't trivially preserve the same runtime.

Quick recovery: revert to v2-alpine so filebrowser is usable again.
Proper fix (deferred): either an initContainer that `chown -R 1000:1000
/database /srv` or a `securityContext.fsGroup: 1000` on the pod spec
to let the non-root UID write to the existing PVC. Both require some
care since the chown is destructive if the UID is wrong.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

manifests/umami.yaml

@@ -187,7 +187,7 @@ spec:
               cpu: "50m"
       containers:
         - name: umami
-          image: ghcr.io/umami-software/umami:postgresql-latest
+          image: ghcr.io/umami-software/umami:postgresql-v1.38.0
           ports:
             - containerPort: 3000
           env:

manifests/webpage.yaml

@@ -107,6 +107,11 @@ spec:
     spec:
       containers:
         - name: filebrowser
+          # NOTE: v2-alpine is a moving tag (Renovate can't track it).
+          # Pinning to v2.63.13 (debian-based default) broke the PVC permissions
+          # (the image runs as a non-root UID and can't write to files left
+          # by the alpine variant). A clean re-pin needs either an initContainer
+          # to chown the PVC, or a fsGroup on the pod spec. Revisit when time permits.
           image: filebrowser/filebrowser:v2-alpine
           ports:
             - containerPort: 8080