nginx: Moved dot-file-exclution from global snippet to root snippet

Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose

roles/nginx/application/templates/global.conf

@@ -1,14 +1,5 @@
 include {{ nginx_snippets_directory }}/acme;
 
-# Do not serve hidden files except
-# - well-known as common web standard
-# - files prefixed with file because Nextcloud requires these locations for uploading files
-location ~ /\.(?!well-known)(?!file).* {
-    log_not_found off;
-    access_log off;
-    return 404;
-}
-
 location = /robots.txt {
     allow all;
     log_not_found off;

roles/nginx/application/templates/root.conf

@@ -1 +1,10 @@
 include {{ nginx_snippets_directory }}/global;
+
+# Do not serve hidden files except
+# - well-known as common web standard
+# - files prefixed with file because Nextcloud requires these locations for uploading files
+location ~ /\.(?!well-known)(?!file).* {
+    log_not_found off;
+    access_log off;
+    return 404;
+}