navidrome: make apps work with forward auth

docker-compose.yml

@@ -374,9 +374,10 @@ services:
     labels:
       caddy: music.${DOMAIN_LOCAL}
       caddy.reverse_proxy: "{{ upstreams 4533 }}"
-      caddy.forward_auth: "authentik-server:9000"
-      caddy.forward_auth.uri: "/outpost.goauthentik.io/auth/caddy"
-      caddy.forward_auth.copy_headers: "X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name"
+      caddy.@protected.not.path: "/share/* /rest/*"
+      caddy.forward_auth_0: "@protected authentik-server:9000"
+      caddy.forward_auth_0.uri: "/outpost.goauthentik.io/auth/caddy"
+      caddy.forward_auth_0.copy_headers: "X-Authentik-Username"
     environment:
       ND_LASTFM_APIKEY: 29e22ee836a0cb51cfaacb72d605e30d
       ND_LASTFM_SECRET: 10aa58294eeffa142685e78a0cd78ad6