Add optional SMTP configuration for Authentik, including email host, port, and credentials. Update README and .env.sample to clarify usage for outbound email settings. Introduce blueprint support for enhanced deployment flexibility, with assertions in Ansible tasks to ensure required variables are set when enabled.

ansible/roles/noble_authentik/templates/blueprints/30-noble-brands-domain-split.yaml.j2

@@ -0,0 +1,27 @@
+# Noble — Brands so **Host** selects authentication flow: lab hostname → operator-only flow; extra hosts → default login.
+version: 1
+metadata:
+  name: noble-brands-domain-split
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+entries:
+  - model: authentik_brands.brand
+    identifiers:
+      domain: {{ noble_authentik_host | trim | to_json }}
+    attrs:
+      default: false
+      title: {{ noble_authentik_blueprint_lab_brand_title | trim | to_json }}
+      flow_authentication: !Find [authentik_flows.flow, [slug, {{ noble_authentik_blueprint_lab_flow_slug | trim | to_json }}]]
+      flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]
+      flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
+{% for host in noble_authentik_ingress_extra_hosts | default([]) %}
+  - model: authentik_brands.brand
+    identifiers:
+      domain: {{ host | trim | to_json }}
+    attrs:
+      default: false
+      title: {{ ((noble_authentik_blueprint_public_brand_title_prefix | default('Noble public')) ~ ' (' ~ (host | trim) ~ ')') | to_json }}
+      flow_authentication: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
+      flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]
+      flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
+{% endfor %}