fix(lasuite): fix OIDC config for People login

- Switch all user-facing app OAuth2 clients to client_secret_post
  (mozilla-django-oidc sends credentials in POST body by default)
- Set LOGIN_REDIRECT_URL=/ so Django redirects to frontend after login
- Add local overlay patch to disable OIDC SSL verification
  (mkcert CA not trusted inside pods; production uses real certs)

overlays/local/kustomization.yaml

@@ -37,6 +37,12 @@ images:
     newName: src.DOMAIN_SUFFIX/studio/people-frontend
 
 patches:
+  # Disable SSL verification for OIDC server-side calls — mkcert CA not trusted in pods
+  - path: patch-oidc-verify-ssl.yaml
+    target:
+      kind: ConfigMap
+      name: lasuite-oidc-provider
+
   # Add hostPort for TURN relay range on Lima VM
   - path: values-pingora.yaml
     target:

overlays/local/patch-oidc-verify-ssl.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: lasuite-oidc-provider
+  namespace: lasuite
+data:
+  OIDC_VERIFY_SSL: "false"