
feat(auth): add OIDC/Gitea userinfo support for OAuth2 login#727

Open
achille wants to merge 1 commit into kubero-dev:main from achille:gitea-oauth2-support

Conversation


@achille achille commented Feb 4, 2026

The passport-oauth2 strategy doesn't fetch user profile data by default, which breaks authentication with OIDC providers like Gitea that don't embed user info in the access token.

This PR is written via AI (Claude+Gemini) and manually verified.

Changes:

  • Override userProfile on strategy instance when OAUTH2_CLIENT_USERINFO_URL is set
  • Map OIDC standard claims (sub, preferred_username, email, picture) to passport profile
  • Support Gitea API fields (login, full_name, avatar_url) as fallbacks
  • Use stable identifiers for username (never display name) to prevent collisions
  • Add UserProfile interface for type safety
  • Throw clear error on missing required config instead of silent early return
  • Replace disabled test file with comprehensive working tests

See: https://docs.gitea.com/development/oauth2-provider

Description

Support for login via gitea/forgejo OIDC.

Type of change

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

  • AI-assisted unit tests (multiple rounds) + manual review

  • Deployed and tested locally on my homelab

  • I've built the image and tested it on a kubernetes cluster

Test Configuration:

  • Operator Version: v0.2.2 (ghcr.io/kubero-dev/kubero-operator/kuberoapp:v0.2.2)
  • Kubernetes Version: v1.34.2+k3s1
  • Kubero CLI Version: N/A (not installed)

Checklist:

  • I removed unnecessary debug logs (verified - no console.log or DEBUG found)
  • My code follows the style guidelines of this project (uses existing patterns)
  • I have performed a self-review of my code
  • I documented my code, particularly in hard-to-understand areas (comments explain OIDC/Gitea fallback logic)
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works (306 lines of tests added)
  • New and existing unit tests pass locally with my changes

The passport-oauth2 strategy doesn't fetch user profile data by default,
which breaks authentication with OIDC providers like Gitea that don't
embed user info in the access token.

Changes:
- Override userProfile on strategy instance when OAUTH2_CLIENT_USERINFO_URL is set
- Map OIDC standard claims (sub, preferred_username, email, picture) to passport profile
- Support Gitea API fields (login, full_name, avatar_url) as fallbacks
- Use stable identifiers for username (never display name) to prevent collisions
- Add UserProfile interface for type safety
- Throw clear error on missing required config instead of silent early return
- Replace disabled test file with comprehensive working tests

Username mapping priority: preferred_username > login > email > sub/id

See: https://docs.gitea.com/development/oauth2-provider
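The following is an added example (not Kubero's code and not the diff in this PR) showing one way to implement the behaviour the PR describes: a `userProfile` override on a passport-oauth2 strategy instance that fetches the userinfo endpoint with the bearer token, maps OIDC standard claims with Gitea API fields as fallbacks, applies the username priority `preferred_username > login > email > sub/id`, never derives the username from the display name, and throws on missing configuration instead of returning early. It assumes the strategy exposes the `_oauth2` client with a `get(url, accessToken, callback)` method, as passport-oauth2-based strategies do; the function names `installUserInfoProfile`, `mapUserInfoToProfile`, `makeFakeStrategy` and `fetchProfileSync` are hypothetical, and the Gitea-style userinfo body is constructed so the file runs offline.

```javascript
// Added example, not Kubero's code or this PR's diff. Assumes the strategy
// object exposes `_oauth2.get(url, accessToken, cb)`, the OAuth2 client that
// passport-oauth2-based strategies use to call provider endpoints.

/**
 * @typedef {object} UserProfile  Shape handed to passport's verify callback.
 * @property {string} provider
 * @property {string} id            stable subject identifier (sub, or numeric id)
 * @property {string} username      stable login identifier, never the display name
 * @property {string} [displayName]
 * @property {{value: string}[]} emails
 * @property {{value: string}[]} photos
 * @property {object} _json         raw userinfo response, kept for debugging
 */

// Return the first candidate that is a non-empty string, else undefined.
function firstString(...candidates) {
  for (const c of candidates) {
    if (typeof c === 'string' && c.trim() !== '') return c;
  }
  return undefined;
}

// Stringify a claim that some providers send as a number (e.g. Gitea `id`).
function asString(v) {
  return v === null || v === undefined ? undefined : String(v);
}

/**
 * Map a userinfo response to a passport profile. OIDC standard claims come
 * first; Gitea API fields are fallbacks. Username priority:
 * preferred_username > login > email > sub/id. The display name is never
 * used as the username because it is neither unique nor stable.
 * @returns {UserProfile}
 */
function mapUserInfoToProfile(json, provider = 'oauth2') {
  if (json === null || typeof json !== 'object' || Array.isArray(json)) {
    throw new TypeError('userinfo response is not a JSON object');
  }
  const id = firstString(asString(json.sub), asString(json.id));
  if (id === undefined) {
    throw new Error('userinfo response has no stable identifier (sub or id)');
  }
  const email = firstString(json.email);
  const username = firstString(json.preferred_username, json.login, email, id);
  const displayName = firstString(json.name, json.full_name);
  const photo = firstString(json.picture, json.avatar_url);
  return {
    provider,
    id,
    username,
    displayName,
    emails: email ? [{ value: email }] : [],
    photos: photo ? [{ value: photo }] : [],
    _json: json,
  };
}

/**
 * Override `userProfile` on a strategy instance so passport fetches the
 * profile from the userinfo endpoint with the bearer token. A missing URL is
 * a configuration error raised at startup, not a silent early return.
 */
function installUserInfoProfile(strategy, userinfoUrl, provider = 'oauth2') {
  if (typeof userinfoUrl !== 'string' || userinfoUrl === '') {
    throw new Error('OAUTH2_CLIENT_USERINFO_URL must be set to fetch the user profile');
  }
  strategy.userProfile = function userProfile(accessToken, done) {
    this._oauth2.get(userinfoUrl, accessToken, (err, body) => {
      if (err) {
        const detail = err.statusCode ? `HTTP ${err.statusCode}` : String(err.message || err);
        return done(new Error(`failed to fetch user profile: ${detail}`));
      }
      let json;
      try {
        json = JSON.parse(body);
      } catch (_e) {
        return done(new Error('failed to parse user profile response as JSON'));
      }
      let profile;
      try {
        profile = mapUserInfoToProfile(json, provider);
      } catch (e) {
        return done(e);
      }
      return done(null, profile);
    });
  };
  return strategy;
}

// Constructed Gitea-style userinfo body (not a real account); the
// `login`/`full_name`/`avatar_url` fields exercise the fallback paths.
const SAMPLE_GITEA_USERINFO = JSON.stringify({
  sub: '42',
  login: 'jdoe',
  full_name: 'Jane Doe',
  email: 'jdoe@example.invalid',
  avatar_url: 'https://gitea.example.invalid/avatars/42',
});

// Stand-in for a passport-oauth2 Strategy: `_oauth2.get` answers with `body`
// instead of calling a real provider, so this file runs offline.
function makeFakeStrategy(body) {
  return { _oauth2: { get: (_url, _token, cb) => cb(null, body) } };
}

// The fake client answers synchronously, so the callback result is available
// as soon as userProfile returns; errors are rethrown to the caller.
function fetchProfileSync(strategy, accessToken) {
  let result;
  let error;
  strategy.userProfile(accessToken, (err, profile) => { error = err; result = profile; });
  if (error) throw error;
  return result;
}
```

Wiring this into a real strategy is `installUserInfoProfile(strategy, process.env.OAUTH2_CLIENT_USERINFO_URL, 'gitea')` after the strategy is constructed. Two points matter for account safety: the profile's `id` is always the provider's `sub` (or numeric `id`), so two users with the same display name cannot map to one account, and a userinfo response with no subject identifier is rejected rather than producing a profile with an empty id.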