Fix 6 P1 infrastructure issues from code review (FRE-4574)

- ALB: deploy to public subnets instead of private (adds public_subnet_ids var)
- ECS: fix launch_desired_count → launch_type = FARGATE
- Secrets: accept actual RDS/ElastiCache endpoints from parent module
- Deploy: fix circular dependency (needs.detect → steps.detect)
- Health check: dynamic ALB DNS lookup via aws elbv2 CLI
- Health check: exit 1 on failure so rollback triggers

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-10 02:28:48 -04:00
parent c7df40ac26
commit 4ddd24fd72
4 changed files with 62 additions and 35 deletions


@@ -49,6 +49,7 @@ module "ecs" {
cluster_name = "${var.project_name}-${var.environment}"
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnet_ids
public_subnet_ids = module.vpc.public_subnet_ids
security_group_ids = [module.vpc.ecs_security_group_id]
services = var.services
container_images = var.container_images
@@ -91,9 +92,11 @@ module "s3" {
module "secrets" {
source = "./modules/secrets"
environment = var.environment
project_name = var.project_name
secrets = var.secrets
environment = var.environment
project_name = var.project_name
rds_endpoint = module.rds.db_endpoint
elasticache_endpoint = module.elasticache.cache_endpoint
secrets = var.secrets
}
module "cloudwatch" {
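Review bot: With the ALB moving to public subnets, the `module "ecs"` call in the first hunk still passes only `security_group_ids = [module.vpc.ecs_security_group_id]`, so the hunk does not show whether the load balancer gets its own security group or shares the one used by the tasks. If the ecs module reuses that list for the ALB, the internet-facing listener and the Fargate tasks would carry the same ingress rules. The tasks should accept traffic only from the ALB's group, and the ALB's group should open only the listener port. I would add a comment on the new line, `# public_subnet_ids: ALB only; tasks stay in the private subnet_ids`, and confirm inside the ecs module that the two resources use separate groups. The `module "ecs"` block starts and ends outside the hunk.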