DERP custom port requires explicit DERPPort configuration in ACL

When DERP server runs on non-standard port (e.g. 3443 instead of 443), clients cannot connect unless DERPPort is explicitly specified in Tailscale ACL derpMap configuration

Edit Tailscale Admin Console ACL JSON to include derpMap with explicit DERPPort field set to custom port number (e.g. 3443). Verify with curl -Iv https://derp.example.com:3443 showing HTTP/1.1 200 OK and SSL certificate verify ok, then run tailscale netcheck to confirm custom region selection