feat(infra): add launch readiness quick wins

- Add mem_limit to all 6 app containers (db: 512m, redis: 128m,
  api: 512m, celery-worker: 512m, celery-beat: 128m, flower: 128m)
- Restrict Flower port to localhost (127.0.0.1:5555:5555)
- Add PostgreSQL and Redis health checks to /health/ready endpoint
  with individual check details (name, status, latency)
- Add scaling guide with metrics, thresholds, Hetzner pricing
- Add server verification script (12 infrastructure checks)
- Update hetzner-server-setup.md with progress and pending tasks

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/deployment/hetzner-server-setup.md

@@ -132,6 +132,22 @@ Complete step-by-step guide for deploying Orion on a Hetzner Cloud VPS.
 
     **Steps 1–24 fully deployed and operational.**
 
+!!! success "Progress — 2026-02-16 (continued)"
+    **Launch readiness — code changes:**
+
+    - **Memory limits** added to all 6 app containers in `docker-compose.yml` (db: 512m, redis: 128m, api: 512m, celery-worker: 512m, celery-beat: 128m, flower: 128m)
+    - **Flower port** restricted to localhost only (`127.0.0.1:5555:5555`) — access via Caddy reverse proxy
+    - **Infrastructure health checks** — `/health/ready` now checks PostgreSQL (`SELECT 1`) and Redis (`ping`) with individual check details and latency
+    - **Scaling guide** — practical playbook at `docs/deployment/scaling-guide.md` (metrics, thresholds, Hetzner pricing, timeline)
+    - **Server verification script** — `scripts/verify-server.sh` checks all 12 infrastructure components
+
+    **Pending server-side tasks:**
+
+    - [ ] Deploy fail2ban Caddy auth jail (documented in Step 20, config ready but not yet applied)
+    - [ ] Change Flower password from default (`FLOWER_PASSWORD` in `.env`)
+    - [ ] Verify unattended-upgrades is active (`sudo unattended-upgrades --dry-run`)
+    - [ ] Run `scripts/verify-server.sh` on server to validate all infrastructure
+
 
 ## Installed Software Versions