Add Authentik and oauth2-proxy support to noble cluster setup, including environment variables, playbook tags, and landing URLs. Update README and kustomization.yaml to reflect new OIDC integration, enhancing security and user authentication capabilities.

clusters/noble/bootstrap/argocd/values-authentik-oidc.yaml

@@ -0,0 +1,20 @@
+# OIDC with Authentik (merged on `helm upgrade` after **noble_authentik** provisions providers + Secret **authentik-oidc**).
+# Issuer path uses provider slug **argocd** (see noble_authentik/configure_authentik.py).
+
+configs:
+  cm:
+    oidc.config: |
+      name: Authentik
+      issuer: https://auth.apps.noble.lab.pcenicni.dev/application/o/argocd/
+      clientID: argocd
+      clientSecret: $authentik-oidc:clientSecret
+      requestedScopes:
+        - openid
+        - profile
+        - email
+        - groups
+  rbac:
+    policy.default: role:readonly
+    policy.csv: |
+      g, admin, role:admin
+      g, noble-admins, role:admin