refactor: remove La Suite services (except Meet + Collabora), delete local overlay

La Suite Messages, Calendars, Drive, Projects, Hive, Integration, and
Postfix are replaced by Stalwart (mail) and Tuwunel (messaging). Meet
and Collabora remain for video conferencing and document editing.

Local overlay was POC only — all deployment targets production now.

Deleted: 37 La Suite manifests, Drive Helm chart, 7 local overlay files,
stale MTA-in hostPort patch. Cleaned up production image overrides and
resource patches for removed services.

base/lasuite/messages-config.yaml

@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: messages-config
-  namespace: lasuite
-data:
-  DJANGO_CONFIGURATION:          Production
-  DJANGO_SETTINGS_MODULE:        messages.settings
-  DJANGO_ALLOWED_HOSTS:          mail.DOMAIN_SUFFIX,messages-backend.lasuite.svc.cluster.local
-  ALLOWED_HOSTS:                 mail.DOMAIN_SUFFIX,messages-backend.lasuite.svc.cluster.local
-  DJANGO_CSRF_TRUSTED_ORIGINS:   https://mail.DOMAIN_SUFFIX
-  DB_NAME:                       messages_db
-  DB_USER:                       messages
-  OPENSEARCH_URL:                http://opensearch.data.svc.cluster.local:9200
-  MDA_API_BASE_URL:              http://messages-backend.lasuite.svc.cluster.local:80/api/v1.0/
-  MYHOSTNAME:                    mail.DOMAIN_SUFFIX
-  # rspamd URL (auth token injected separately from messages-mpa-credentials secret)
-  SPAM_RSPAMD_URL:               http://messages-mpa.lasuite.svc.cluster.local:8010/_api
-  MESSAGES_FRONTEND_BACKEND_SERVER: messages-backend.lasuite.svc.cluster.local:80
-  STORAGE_MESSAGE_IMPORTS_BUCKET_NAME:  sunbeam-messages-imports
-  STORAGE_MESSAGE_IMPORTS_ENDPOINT_URL: http://seaweedfs-filer.storage.svc.cluster.local:8333
-  AWS_STORAGE_BUCKET_NAME:       sunbeam-messages
-  IDENTITY_PROVIDER:             oidc
-  FRONTEND_THEME:                default
-  DRIVE_BASE_URL:                https://drive.DOMAIN_SUFFIX
-  LOGIN_REDIRECT_URL:            https://mail.DOMAIN_SUFFIX
-  LOGOUT_REDIRECT_URL:           https://mail.DOMAIN_SUFFIX
-  OIDC_REDIRECT_ALLOWED_HOSTS:   '["https://auth.DOMAIN_SUFFIX"]'
-  MTA_OUT_MODE:                  direct
-  # Create user accounts on first OIDC login (required — no pre-provisioning)
-  OIDC_CREATE_USER:              "True"
-  # Redirect to home on auth failure (avoids HttpResponseRedirect(None) → /callback/None 404)
-  LOGIN_REDIRECT_URL_FAILURE:    https://mail.DOMAIN_SUFFIX
-  # Store OIDC tokens in session so the Drive integration can proxy requests on behalf of the user.
-  OIDC_STORE_ACCESS_TOKEN:       "True"
-  OIDC_STORE_REFRESH_TOKEN:      "True"
-  # Session lives 7 days — long enough to survive overnight/weekend without re-auth.
-  # Default is 43200 (12h) which forces a login after a browser restart.
-  SESSION_COOKIE_AGE:            "604800"
-  # Renew the id token 60 s before it expires (access_token TTL = 1h).
-  # Without this the default falls back to SESSION_COOKIE_AGE (7 days), which means
-  # every request sees the 1h token as "expiring within 7 days" and triggers a
-  # prompt=none renewal on every page load — causing repeated auth loops.
-  OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS: "60"
-  # offline_access scope is set directly in the deployment env (overrides lasuite-oidc-provider envFrom).