Refactor Nextcloud configuration to use OCC script approach and add email/OIDC support

Major architectural changes:
- Replace config file templating with unified OCC command script
- Remove custom_apps mount overlay that caused Caddy serving issues
- Implement script-based configuration for idempotency and clarity

Configuration improvements:
- Add email/SMTP support with master switch (nextcloud_email_enabled)
- Add OIDC/SSO integration with Authentik support
- Add apps installation (user_oidc, calendar, contacts)
- Enable group provisioning and quota management from OIDC
- Set nextcloud_oidc_unique_uid to false per Authentik docs

Files removed:
- nextcloud.config.php.j2 (replaced by OCC commands)
- redis.config.php.j2 (replaced by OCC commands)
- optimization.yml (merged into configure.yml)

Files added:
- configure-nextcloud.sh.j2 (single source of truth for config)
- configure.yml (deploys and runs configuration script)

Documentation:
- Add comprehensive OIDC setup guide with Authentik integration
- Document custom scope mapping and group provisioning
- Add email configuration examples for common providers
- Update vault variables documentation
- Explain two-phase deployment approach

Host configuration:
- Change admin user from 'admin' to 'joakim'
- Add admin email configuration

playbooks/remove-nextcloud.yml

@@ -63,15 +63,6 @@
       changed_when: container_remove.rc == 0
       failed_when: false
     
-    - name: Remove nextcloud images
-      command: podman rmi -f {{ item }}
-      loop:
-        - docker.io/library/nextcloud:stable-fpm
-        - docker.io/library/nextcloud
-      register: image_remove
-      changed_when: image_remove.rc == 0
-      failed_when: false
-    
     # ============================================
     # Remove Systemd Units
     # ============================================