Add Vaultwarden password manager role with PostgreSQL and SSO support

- Implement complete Vaultwarden deployment using Podman Quadlet
- PostgreSQL backend via Unix socket with 777 permissions
- Caddy reverse proxy with WebSocket support for live sync
- Control-node admin token hashing using argon2 (OWASP preset)
- Idempotent token hashing with deterministic salt generation
- Full Authentik SSO integration following official guide
- SMTP email configuration support (optional)
- Invitation-only user registration by default
- Comprehensive documentation with setup and troubleshooting guides

Technical Details:
- Container: vaultwarden/server:latest from Docker Hub
- Database: PostgreSQL via /var/run/postgresql socket
- Port: 8080 (localhost only, proxied by Caddy)
- Domain: vault.jnss.me
- Admin token: Hashed on control node with argon2id
- SSO: OpenID Connect with offline_access scope support

Role includes automatic argon2 installation on control node if needed.

roles/vaultwarden/tasks/user.yml

@@ -0,0 +1,28 @@
+---
+# Vaultwarden User Management - Service-Specific User Setup
+
+- name: Create vaultwarden group
+  group:
+    name: "{{ vaultwarden_group }}"
+    system: true
+
+- name: Create vaultwarden user
+  user:
+    name: "{{ vaultwarden_user }}"
+    group: "{{ vaultwarden_group }}"
+    system: true
+    shell: /bin/bash
+    home: "{{ vaultwarden_home }}"
+    create_home: true
+    comment: "Vaultwarden password manager service"
+
+- name: Create vaultwarden directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ vaultwarden_user }}"
+    group: "{{ vaultwarden_group }}"
+    mode: '0755'
+  loop:
+    - "{{ vaultwarden_home }}"
+    - "{{ vaultwarden_data_dir }}"