Use explicit PostgreSQL superuser name and fix check mode (#17)

## Summary
- Add `postgresql_superuser` variable (`eblume`) to prevent PostgreSQL from inheriting OS username during initdb
- Update all psql/createdb commands to use explicit `-U` flag
- Add `check_mode: false` to op commands so 1Password fetches run during `--check` mode
- Add PostgreSQL and Miniflux health checks to indri-services-check

## Test plan
- [x] Renamed existing superuser from `erichblume` to `eblume`
- [x] Ran `mise run provision-indri -- --tags postgresql --check --diff` successfully
- [x] Verified connection as `eblume` superuser via Tailscale
- [x] Ran `mise run indri-services-check` - all services healthy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/17

ansible/playbooks/indri.yml

@@ -14,6 +14,7 @@
       register: _pg_superuser_pw
       changed_when: false
       no_log: true
+      check_mode: false
       tags: [postgresql]
 
     - name: Set PostgreSQL superuser password fact
@@ -29,6 +30,7 @@
       register: _pg_alloy_pw
       changed_when: false
       no_log: true
+      check_mode: false
       tags: [alloy, postgresql]
 
     - name: Set PostgreSQL alloy password fact
@@ -44,6 +46,7 @@
       register: _miniflux_db_pw
       changed_when: false
       no_log: true
+      check_mode: false
       tags: [miniflux, postgresql]
 
     - name: Set miniflux passwords fact
@@ -59,6 +62,7 @@
       register: _borgmatic_db_pw
       changed_when: false
       no_log: true
+      check_mode: false
       tags: [postgresql]
 
     - name: Build PostgreSQL user password lookup