feat(lasuite): add Projects (Planka Kanban) service

Deploy Planka-based project management at projects.DOMAIN_SUFFIX:
- ConfigMap with OIDC, S3, SMTP, La Gaufre widget config
- Deployment + Service (init container for DB migrations, Sails on 1337)
- OAuth2Client (client_secret_basic, redirect to /oidc-callback)
- VaultDynamicSecret for DATABASE_URL, VaultStaticSecret for SECRET_KEY
- Pingora route with websocket support (Socket.io)
- Image overrides in both local and production overlays
- TLS cert dnsNames updated for projects subdomain
- Integration service.json updated with Projects entry
- seaweedfs-s3-credentials rolloutRestartTargets includes projects

base/lasuite/projects-config.yaml

@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: projects-config
+  namespace: lasuite
+data:
+  BASE_URL: "https://projects.DOMAIN_SUFFIX"
+  TRUST_PROXY: "1"
+  NODE_ENV: "production"
+
+  # OIDC — Hydra as the identity provider
+  OIDC_ISSUER: "https://auth.DOMAIN_SUFFIX/"
+  OIDC_SCOPES: "openid email profile"
+  OIDC_ENFORCED: "true"
+  OIDC_IGNORE_USERNAME: "true"
+  OIDC_IGNORE_ROLES: "true"
+  OIDC_ADMIN_ROLES: "*"
+  OIDC_FULLNAME_ATTRIBUTES: "given_name,family_name"
+
+  # S3 file storage via SeaweedFS
+  S3_ENDPOINT: "http://seaweedfs-filer.storage.svc.cluster.local:8333"
+  S3_BUCKET: "projects"
+  S3_REGION: "us-east-1"
+  S3_FORCE_PATH_STYLE: "true"
+
+  # SMTP via in-cluster Postfix relay
+  SMTP_HOST: "postfix.lasuite.svc.cluster.local"
+  SMTP_PORT: "25"
+  SMTP_SECURE: "false"
+  SMTP_FROM: "Projects <noreply@DOMAIN_SUFFIX>"
+
+  # La Gaufre waffle menu widget
+  REACT_APP_LAGAUFRE_WIDGET_API_URL: "https://integration.DOMAIN_SUFFIX/api/v2/services.json"
+  REACT_APP_LAGAUFRE_WIDGET_PATH: "https://integration.DOMAIN_SUFFIX/api/v2/"
+
+  # Default language for new OIDC users (browser detection fallback if unset)
+  DEFAULT_LANGUAGE: "en-US"
+
+  # Permissions
+  ALLOW_ALL_TO_CREATE_PROJECTS: "true"