lasuite: declarative pre-work for La Suite app deployments

- Add find user and find_db to postgres-cluster.yaml (11th database)
- Add sunbeam-messages-imports and sunbeam-people buckets to SeaweedFS
- Configure Hydra Maester with enabledNamespaces: [lasuite] so it can
  create and update OAuth2Client secrets in the lasuite namespace
- Add find to Kratos allowed_return_urls
- Add shared ConfigMaps: lasuite-postgres, lasuite-valkey, lasuite-s3,
  lasuite-oidc-provider — single source of truth for all app env vars
- Add HydraOAuth2Client CRDs for all nine La Suite apps (docs, drive,
  meet, conversations, messages, people, find, gitea, hive); Maester
  will create oidc-<app> secrets with CLIENT_ID and CLIENT_SECRET

base/lasuite/kustomization.yaml

@@ -10,61 +10,6 @@ resources:
   - hive-deployment.yaml
   - hive-service.yaml
   - seaweedfs-buckets.yaml
+  - shared-config.yaml
+  - oidc-clients.yaml
 
-# La Suite Numérique Helm charts:
-# Each component's chart lives in-tree inside its own GitHub repo (under helm/ or charts/).
-# There is NO published Helm repo index at a suitenumerique.github.io URL — charts must be
-# pulled from each component's repo individually.
-#
-# Options:
-#   a) Use Flux HelmRepository with type=git pointing at each suitenumerique/<app> repo.
-#   b) Package each chart locally (`helm package`) and commit to this repo under charts/.
-#   c) Use OCI if/when they start publishing to GHCR (check each repo's CI for ghcr.io pushes).
-#
-# Recommended starting points:
-#   - https://github.com/suitenumerique/docs        (helm/ directory)
-#   - https://github.com/suitenumerique/meet        (helm/ directory)
-#   - https://github.com/suitenumerique/drive       (helm/ directory)
-#   - https://github.com/suitenumerique/people      (helm/ directory)
-#   - https://github.com/suitenumerique/messages    (check for helm/ directory)
-#   - https://github.com/suitenumerique/conversations (check for helm/ directory)
-#
-# TODO: Once each app's chart path is confirmed, add helmCharts entries here.
-# Placeholder entries (commented out) — verify chart name and repo format first:
-
-# helmCharts:
-#   - name: docs
-#     repo: oci://ghcr.io/suitenumerique/docs   # hypothetical; verify on ghcr.io first
-#     version: "1.0.0"
-#     releaseName: docs
-#     namespace: lasuite
-#
-#   - name: meet
-#     repo: oci://ghcr.io/suitenumerique/meet
-#     version: "1.0.0"
-#     releaseName: meet
-#     namespace: lasuite
-#
-#   - name: drive
-#     repo: oci://ghcr.io/suitenumerique/drive
-#     version: "1.0.0"
-#     releaseName: drive
-#     namespace: lasuite
-#
-#   - name: messages
-#     repo: oci://ghcr.io/suitenumerique/messages
-#     version: "1.0.0"
-#     releaseName: messages
-#     namespace: lasuite
-#
-#   - name: conversations
-#     repo: oci://ghcr.io/suitenumerique/conversations
-#     version: "1.0.0"
-#     releaseName: conversations
-#     namespace: lasuite
-#
-#   - name: people
-#     repo: oci://ghcr.io/suitenumerique/people
-#     version: "1.0.0"
-#     releaseName: people
-#     namespace: lasuite