feat: NTP-Server (Chrony) — vollständig

Stub raus, vollständige Implementierung analog Unbound/Squid:

* Migration 0015: ntp_settings (single-row mit listen_addresses,
  allow_acl, serve_clients, makestep, rtcsync) + ntp_pools (kind
  pool|server, address, iburst/prefer, minpoll/maxpoll). Default
  4 deutsche pool.ntp.org-Server seeded.
* Models DNSSettings/NTPPool, services/ntp Repo, handlers/ntp.go
  REST /api/v1/ntp/{settings,pools} mit Auto-Restart nach Mutation.
* internal/chrony/chrony.cfg.tpl + chrony.go: Renderer schreibt
  /etc/chrony/conf.d/edgeguard.conf direkt (analog unbound — distro
  chrony.conf included conf.d automatisch). Listen-bind nur wenn
  serve_clients=true; sonst port 0 (= Client-only).
* main.go: ntpRepo + chronyReloader injiziert.
* render.go: chrony als sechste generator.
* postinst:
  - chrony als hard Depends im control file.
  - Conf-Datei /etc/chrony/conf.d/edgeguard.conf wird als
    edgeguard:edgeguard 0644 angelegt.
  - Sudoers für systemctl reload + restart chrony.
* Auto-FW-Rule-Generator: udp/123 wenn serve_clients=true und
  listen_addresses non-loopback enthält.
* Frontend /ntp: PageHeader + Quellen-Tab + Settings-Tab. Listen-
  Addresses als Multi-Select aus Kernel-IPs (analog DNS).
* Sidebar-Eintrag unter Network.
* i18n DE/EN für ntp.* Block.

chrony.service hat kein 'reload' — Renderer ruft RestartService auf.

Verified: 4 default-pool-server connected (chronyc sources zeigt
sie nach erstem render).

Version 1.0.40.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

management-ui/src/i18n/locales/en/common.json

@@ -15,6 +15,7 @@
     "wireguard": "WireGuard",
     "forwardProxy": "Forward proxy",
     "dns": "DNS",
+    "ntp": "Time (NTP)",
     "firewall": "Firewall",
     "cluster": "Cluster",
     "settings": "Settings",
@@ -400,6 +401,44 @@
       "wg": "WireGuard"
     }
   },
+  "ntp": {
+    "title": "Time server (Chrony)",
+    "intro": "Chrony as time-sync daemon (NTP). Sources on top, listen/serve config on the settings tab. With 'serve_clients' on and LAN-IPs bound, the box itself becomes an NTP server for the LAN.",
+    "tabs": { "pools": "Sources", "settings": "Settings" },
+    "pool": {
+      "kind": "Type",
+      "kindPool": "pool — DNS round-robin (multiple servers from A records)",
+      "kindServer": "server — single host",
+      "address": "Address / host",
+      "addressExtra": "FQDN (for pool: 0.de.pool.ntp.org) or IP.",
+      "iburst": "iburst",
+      "prefer": "prefer",
+      "minpoll": "min-poll",
+      "maxpoll": "max-poll",
+      "options": "Options",
+      "description": "Description",
+      "add": "Add source",
+      "edit": "Edit source",
+      "deleteConfirm": "Really delete NTP source {{addr}}?"
+    },
+    "settings": {
+      "intro": "Global chrony settings. Saves reload chrony automatically.",
+      "serveClients": "Act as NTP server for clients",
+      "serveClientsExtra": "If off: chrony acts as client only (port 0). If on + listen IP: binds UDP/123.",
+      "listenAddresses": "Listen addresses",
+      "listenAddressesPlaceholder": "Pick IPs (or type)",
+      "listenAddressesExtra": "Which IPs chrony binds :123/UDP on. 127.0.0.1+::1 = local only; LAN IPs open for LAN clients (FW rule auto-generated).",
+      "allowACL": "Allow ACL (CIDRs)",
+      "allowACLExtra": "Who is allowed to ask for NTP time.",
+      "makestepSecs": "makestep secs",
+      "makestepSecsExtra": "Allow step (vs. slew) when offset > N seconds.",
+      "makestepLimit": "makestep limit",
+      "rtcsync": "Sync RTC with system time",
+      "rtcsyncExtra": "Keep hardware clock in sync every 11 min — after reboot time is roughly correct.",
+      "leapsectz": "Leap-sec TZ",
+      "leapsectzExtra": "Optional, e.g. 'right/UTC' for leap-sec via tzdata."
+    }
+  },
   "dns": {
     "title": "DNS (Unbound)",
     "intro": "Unbound resolver on :53. Local zones (authoritative from DNS records) and forward zones (stub-zone to remote resolvers). Default forwarders catch everything else.",