kms-website: activate against vlmcs.viktorbarzin.me, drop ODT-install + deep-legacy GVLKs

The page advertised kms.viktorbarzin.me:1688 as the KMS host, but that name
is the website (Traefik) — internally it resolves to 10.0.20.203 which has no
:1688 listener, so LAN clients failed with "KMS server cannot be reached".
Split the concern: siteHost (kms.viktorbarzin.me) serves the page + /scripts
downloads; kmsHost is now the dedicated A-only vlmcs.viktorbarzin.me endpoint
that resolves to the vlmcsd MetalLB IP (10.0.20.202) on the LAN (Technitium)
and to the public IP over the internet (Cloudflare -> pfSense WAN NAT :1688).

Moderate cleanup:
- remove the Office-install-via-ODT path from kms-bootstrap.ps1 (activation
  only now; manual ODT install docs stay on the page)
- collapse Windows 8.1/8/7/Vista + Server 2012/2008 GVLK tables into a legacy
  note (those keys still activate; just no longer tabled)
- drop the unused kmsHostLan param

Pairs with the infra /scripts Anubis carve-out that makes `iwr | iex` work.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

static/scripts/setup-kms.ps1

@@ -15,7 +15,7 @@
 
 [CmdletBinding()]
 param(
-    [string]$KmsHost = $(if ($env:KMS_HOST) { $env:KMS_HOST } else { 'kms.viktorbarzin.me' }),
+    [string]$KmsHost = $(if ($env:KMS_HOST) { $env:KMS_HOST } else { 'vlmcs.viktorbarzin.me' }),
     [int]   $KmsPort = $(if ($env:KMS_PORT) { [int]$env:KMS_PORT } else { 1688 })
 )