Add standalone mode for sx-web.org deployment

- SX_STANDALONE=true env var: no OAuth, no root header, no cross-service
  fragments. Same image runs in both rose-ash cooperative and standalone.
- Factory: added no_oauth parameter to create_base_app()
- Standalone layout defcomps skip ~root-header-auto/~root-mobile-auto
- Fixed Dockerfile: was missing sx/sx/ component directory copy
- CI: deploys sx-web swarm stack on main branch when sx changes
- Stack config at ~/sx-web/ (Caddy → sx_docs, Redis)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

shared/infrastructure/factory.py

@@ -47,6 +47,7 @@ def create_base_app(
     context_fn: Callable[[], Awaitable[dict]] | None = None,
     before_request_fns: Sequence[Callable[[], Awaitable[None]]] | None = None,
     domain_services_fn: Callable[[], None] | None = None,
+    no_oauth: bool = False,
 ) -> Quart:
     """
     Create a Quart app with shared infrastructure.
@@ -156,7 +157,7 @@ def create_base_app(
     # Auto-register OAuth client blueprint for non-account apps
     # (account is the OAuth authorization server)
     _NO_OAUTH = {"account"}
-    if name not in _NO_OAUTH:
+    if name not in _NO_OAUTH and not no_oauth:
         from shared.infrastructure.oauth import create_oauth_blueprint
         app.register_blueprint(create_oauth_blueprint(name))
 
@@ -205,7 +206,7 @@ def create_base_app(
 
     # Auth state check via grant verification + silent OAuth handshake
     # MUST run before _load_user so stale sessions are cleared first
-    if name not in _NO_OAUTH:
+    if name not in _NO_OAUTH and not no_oauth:
         @app.before_request
         async def _check_auth_state():
             from quart import session as qs