config, docs: update whitelists.yaml.j2 and crowdsec.md to add whitelist expression to fix false positive of immich thumbnails 404 error

config/services/systemd/common/crowdsec/bouncers/whitelists.yaml.j2

@@ -14,4 +14,6 @@ whitelist:
     expression:
         # budget local-first sql scrap rule
         - "evt.Meta.target_fqdn == 'budget.ilnmors.com' && evt.Meta.http_path contains '/data/migrations/'"
+        # immich thumbnail request 404 error false positive
+        - "evt.Meta.target_fqdn == 'immich.ilnmors.com' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'"
 {% endif %}

docs/services/common/crowdsec.md

@@ -228,6 +228,11 @@ auth@auth:~$ sudo cscli alerts list
 │ 9  │ Ip:138.68.144.227  │ crowdsecurity/jira_cve-2021-26086 │         │    │ ban:1     │ 2026-03-06 04:18:18.35776077 +0000 UTC  │
 ╰────┴────────────────────┴───────────────────────────────────┴─────────┴────┴───────────┴─────────────────────────────────────────╯
 
+## Log check and inspect
 
+fw@fw:~$ sudo cscli alerts inspect 230 -d
 
+- check the log and analyze and make expression
+  - e.g. immich
+    - evt.Meta.target_fqdn == 'immich.ilnmors.com' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'