Docker should only be updated when run explicitly as it currently requires a re-run of the complete playbook afterwards (does not work for single-tag deployments e.g.) since it will recreate caddy container and lose all reverse proxy information.
Changed all 'become: ' values from 'yes' to 'true' to satisfy the schema (and also make the lsp shut up).
