I have to admit that I don’t understand your setup.
On one side you have a super complicated setup with templates, dedicated users and even a Docker socket proxy, so it seems you care about security.
Then you make the Docker socket proxy accessible to all services, instead of using a separate network.
You want to run a two year old version of Traefik, although there are bug fixes like every months and security fixed every couple of months.
This doesn’t make sense to me. Sorry, I do care about making the Internet a safer place.
Regarding use of Docker socket proxy, maybe check this recent discussion.