nginx: extend HTML no-cache filter to /api/ (not just /api/dictionary/)
ci-deploy / build-deploy-test (push) Failing after 1m11s

Run 546 surfaced the second half of the cache-poisoning bug. /api/health
(which goes through the /api/ location, not /api/dictionary/) showed
`x-cache-status: STALE` text/html — meaning nginx had cached the WAF
HTML block page as a 200 entry, then served it via proxy_cache_use_stale
when the upstream returned 403 on a fresh fetch. The browser saw
text/html for an endpoint that should be JSON, console-gate flagged the
fail, and 5+ specs broke despite /api/dictionary/* being healthy.

Fix is the same one-liner already applied to /api/dictionary/: require
$no_cache_html (set in flights-api-cache.conf based on upstream's
Content-Type) so HTML responses are never stored. Future WAF spasms
return 403 directly to the client instead of dispensing months-old
poisoned HTML.
2026-04-28 13:13:31 +03:00
parent 23f8c82540
commit f56bb97e68
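The `$no_cache_html` map the commit message refers to lives in flights-api-cache.conf and is not shown on this page. As an added illustration (not the repository's own configuration), this is how such a map and the `/api/` location fit together; the upstream name, cache zone, cache path, TTL and the Content-Type regex are assumptions.

```nginx
# Added illustration, not the repository's flights-api-cache.conf.
# Assumed names: upstream "api_backend", cache zone "api_cache", cache path.
events {}

http {
    proxy_cache_path /var/cache/nginx/api keys_zone=api_cache:10m inactive=30d;

    # $upstream_http_content_type exists only after the upstream has replied.
    # That is fine: proxy_no_cache is evaluated when nginx decides whether to
    # STORE a response, not when it looks one up, so the map can key on it.
    map $upstream_http_content_type $no_cache_html {
        default          0;
        "~*^text/html"   1;   # WAF block page: never written to the cache
    }

    upstream api_backend {
        server 127.0.0.1:8080;   # assumed backend address
    }

    server {
        listen 80;

        location /api/ {
            proxy_pass http://api_backend;
            proxy_cache api_cache;
            proxy_cache_valid 200 10m;
            proxy_cache_lock on;
            # Serving stale on http_403 is what replayed the cached block page;
            # with HTML never stored there is no poisoned 200 to fall back on.
            proxy_cache_use_stale error timeout updating http_403 http_500 http_502 http_503 http_504;
            proxy_no_cache $no_cache_html;
            add_header X-Cache-Status $upstream_cache_status always;
        }
    }
}
```

Entries written before this rule took effect are untouched by it; they remain in the cache until they expire or are removed.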
@@ -88,6 +88,11 @@ server {
proxy_cache_lock on;
proxy_cache_use_stale error timeout updating http_403 http_500 http_502 http_503 http_504;
proxy_cache_bypass $http_cache_control;
# Same rationale as /api/dictionary/ — refuse to cache the WAF
# block page (text/html). Prevents `proxy_cache_use_stale` from
# later serving that HTML as a stale 200 when the WAF returns 403
# on a fresh fetch.
proxy_no_cache $no_cache_html;
add_header X-Cache-Status $upstream_cache_status always;
}
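Review bot: `proxy_no_cache $no_cache_html` only stops new HTML responses from being stored; it does nothing about the "months-old poisoned HTML" the message says is already in the cache, so with `proxy_cache_use_stale ... http_403 ...` still in place (line above the new block) the existing STALE text/html entry for /api/health will keep being served on the next WAF 403 until it ages out. Suggest pairing this change with a one-off purge of the affected cache entries (or clearing the proxy_cache_path directory at deploy) and saying so in the commit message. Minor: the comment should name where `$no_cache_html` is defined (flights-api-cache.conf per the message), since this location silently depends on that map being included first.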