Enhance Authentik configuration by introducing dedicated authentication flows for public and lab brands, including stricter password policies and MFA requirements. Update README to clarify flow distinctions and invitation enrollment processes. Improve validation in Ansible tasks to ensure all necessary blueprint variables are set, enhancing deployment robustness.

ansible/roles/noble_authentik/templates/blueprints/30-noble-brands-domain-split.yaml.j2

@@ -1,4 +1,4 @@
-# Noble — Brands so **Host** selects authentication flow: lab hostname → operator-only flow; extra hosts → default login.
+# Noble — Brands so **Host** selects authentication flow: lab hostname → operator-only hardened flow; extra hosts → public flow (**21**).
 version: 1
 metadata:
   name: noble-brands-domain-split
@@ -21,7 +21,7 @@ entries:
     attrs:
       default: false
       title: {{ ((noble_authentik_blueprint_public_brand_title_prefix | default('Noble public')) ~ ' (' ~ (host | trim) ~ ')') | to_json }}
-      flow_authentication: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
+      flow_authentication: !Find [authentik_flows.flow, [slug, {{ noble_authentik_blueprint_public_auth_flow_slug | trim | to_json }}]]
       flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]
       flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
 {% endfor %}