Bump Immich to v2.7.5 + fix auto-bump workflow

[saju01]

What

1. Bumps the pinned Immich version v2.1.0 → v2.7.5 (latest upstream as of 2026-04-13).
2. Fixes the auto-bump workflow so future server releases update automatically without manual PRs.

Why it was stuck

The package ships an auto-check.yml workflow that runs dappnodesdk bump-upstream every 4 hours — designed to auto-open version-bump PRs. But it was failing on every run and is now auto-disabled by GitHub (no successful scheduled run since 2026-01-04). Two root causes:

• The push trigger watched branch master, but the repo's default branch is main → never fired on merges.
• No permissions: block → the default read-only GITHUB_TOKEN cannot create the branch/PR that bump-upstream needs, so every scheduled run exited 1.

That's why it sat at v2.1.0.

Changes

• docker-compose.yml: IMMICH_VERSION v2.1.0 → v2.7.5 (immich-server + immich-machine-learning)
• dappnode_package.json: upstream versions v2.1.0 → v2.7.5; package version 0.1.0 → 0.1.2
• .github/workflows/auto-check.yml: push branch master → main; add contents: write + pull-requests: write permissions

Notes

• Postgres image pin (14-vectorchord0.4.3-pgvectors0.2.0) is unchanged between v2.1.0 and v2.7.5 — matches the official v2.7.5 compose. No DB image change needed.
• Valkey left at 8-bookworm (upstream reference moved to valkey 9, but 8 is compatible; kept out of scope here).
• Immich runs schema migrations on startup, so the upgrade path from a running v2.1.0 deployment is handled by the app.

Note: re-enabling the disabled scheduled workflow on the upstream repo (Actions tab → enable) may be needed once, since GitHub disables schedules after 60 days of inactivity.

[saju01]

👋 Heads-up for maintainers on the workflow fix in this PR:

The auto-check.yml (bump-upstream) scheduled workflow has been failing on every run and GitHub has since auto-disabled the schedule (no successful scheduled run since 2026-01-04, ~5 months). Root causes, both fixed here:

1. push trigger watched master, but the repo default branch is main → never fired.
2. No permissions: block → the read-only default GITHUB_TOKEN couldn't create the bump branch/PR → every scheduled run exited 1.

Two manual steps needed after merge (can't be done from a fork):

• Re-enable the disabled schedule: repo → Actions tab → Bump upstream version → Enable workflow. GitHub won't re-arm the cron on its own.
• Confirm workflow write permissions are allowed at the repo/org level: Settings → Actions → General → Workflow permissions → "Read and write permissions" (the per-workflow permissions: block added here only takes effect if the repo policy permits it).

After that, the 4-hourly job should open Immich version-bump PRs automatically going forward. 🙏