Fix 6 P1 infrastructure issues from code review (FRE-4574)

- ALB: deploy to public subnets instead of private (adds public_subnet_ids var)
- ECS: fix launch_desired_count → launch_type = FARGATE
- Secrets: accept actual RDS/ElastiCache endpoints from parent module
- Deploy: fix circular dependency (needs.detect → steps.detect)
- Health check: dynamic ALB DNS lookup via aws elbv2 CLI
- Health check: exit 1 on failure so rollback triggers

Co-Authored-By: Paperclip <noreply@paperclip.ing>

infra/modules/secrets/main.tf

@@ -8,6 +8,16 @@ variable "project_name" {
   type        = string
 }
 
+variable "rds_endpoint" {
+  description = "RDS instance endpoint"
+  type        = string
+}
+
+variable "elasticache_endpoint" {
+  description = "ElastiCache primary endpoint"
+  type        = string
+}
+
 variable "secrets" {
   description = "Secrets to store"
   type        = map(string)
@@ -29,15 +39,13 @@ resource "aws_secretsmanager_secret_version" "main" {
   secret_id = aws_secretsmanager_secret.main.id
 
   secret_string = jsonencode(merge({
-    DATABASE_URL = "postgresql://shieldai:${var.project_name}@${var.project_name}-${var.environment}-db.${data.aws_caller_identity.current.account_id}.us-east-1.rds.amazonaws.com:5432/shieldai"
-    REDIS_URL    = "redis://${var.project_name}-${var.environment}-redis.${data.aws_caller_identity.current.account_id}.us-east-1.cache.amazonaws.com:6379"
+    DATABASE_URL = "postgresql://shieldai:${var.project_name}@${var.rds_endpoint}:5432/shieldai"
+    REDIS_URL    = "redis://${var.elasticache_endpoint}:6379"
     NODE_ENV     = var.environment
     LOG_LEVEL    = var.environment == "production" ? "info" : "debug"
   }, var.secrets))
 }
 
-data "aws_caller_identity" "current" {}
-
 output "secrets_manager_arn" {
   description = "Secrets Manager ARN"
   value       = aws_secretsmanager_secret.main.arn