Refactor websocket and Taiga variables

- Introduce WEBSOCKET_PROTOCOL derived from WEB_PROTOCOL (wss if https, else ws).
- Replace hardcoded websocket URLs in EspoCRM, Nextcloud and Taiga with {{ WEBSOCKET_PROTOCOL }}.
- Fix mautrix-imessage to use ws:// for internal synapse:8008.
- Standardize Pixelfed OIDC env spacing.
- Refactor Taiga variables to TAIGA_* naming convention and clean up EMAIL_BACKEND definition.

See: https://chatgpt.com/share/68af62fa-4dcc-800f-9aaf-cff746daab1e

roles/web-app-taiga/templates/env.j2

@@ -1,13 +1,13 @@
 # Taiga's URLs - Variables to define where Taiga should be served
-TAIGA_SITES_SCHEME  =   https          # serve Taiga using "http" or "https" (secured) connection
+TAIGA_SITES_SCHEME  =   {{ WEB_PROTOCOL }}         # serve Taiga using "http" or "https" (secured) connection
 TAIGA_SITES_DOMAIN  =   "{{ domains | get_domain(application_id) }}"   # Taiga's base URL
   
 TAIGA_SUBPATH       =   ""  # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
-WEBSOCKETS_SCHEME   =   wss # events connection protocol (use either "ws" or "wss")
+WEBSOCKETS_SCHEME   =   {{ WEBSOCKET_PROTOCOL }} # events connection protocol (use either "ws" or "wss")
 
 # Taiga's Secret Key - Variable to provide cryptographic signing
-TAIGA_SECRET_KEY    =   "{{applications | get_app_conf(application_id, 'credentials.secret_key', True)}}"
-SECRET_KEY          =   "{{applications | get_app_conf(application_id, 'credentials.secret_key', True)}}"
+TAIGA_SECRET_KEY    =   "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
+SECRET_KEY          =   "{{ applications | get_app_conf(application_id, 'credentials.secret_key') }}"
 
 # Taiga's Database settings - Variables to create the Taiga database and connect to it
 POSTGRES_USER       =   "{{ database_username }}"       # user to connect to PostgreSQL
@@ -16,18 +16,17 @@ POSTGRES_DB         =   "{{ database_name }}"
 POSTGRES_HOST       =   "{{ database_host }}"
 
 # Taiga's SMTP settings - Variables to send Taiga's emails to the users
-EMAIL_BACKEND       =   "{{email_backend}}"          # use an SMTP server or display the emails in the console (either "smtp" or "console")
-EMAIL_HOST          =   "{{ SYSTEM_EMAIL.HOST }}"      # SMTP server address
-EMAIL_PORT          =   "{{ SYSTEM_EMAIL.PORT }}" # default SMTP port
-EMAIL_HOST_USER     =   "{{ users['no-reply'].email }}"  # user to connect the SMTP server
-EMAIL_HOST_PASSWORD =   "{{ users['no-reply'].mailu_token }}"  # SMTP user's password
-EMAIL_DEFAULT_FROM  =   "{{ users['no-reply'].email }}"      # default email address for the automated emails
-EMAIL_BACKEND:      =   "django.core.mail.backends.{{email_backend}}.EmailBackend"
+EMAIL_BACKEND       =   "{{ TAIGA_EMAIL_BACKEND }}"             # use an SMTP server or display the emails in the console (either "smtp" or "console")
+EMAIL_HOST          =   "{{ SYSTEM_EMAIL.HOST }}"               # SMTP server address
+EMAIL_PORT          =   "{{ SYSTEM_EMAIL.PORT }}"               # default SMTP port
+EMAIL_HOST_USER     =   "{{ users['no-reply'].email }}"         # user to connect the SMTP server
+EMAIL_HOST_PASSWORD =   "{{ users['no-reply'].mailu_token }}"   # SMTP user's password
+EMAIL_DEFAULT_FROM  =   "{{ users['no-reply'].email }}"         # default email address for the automated emails
 DEFAULT_FROM_EMAIL  =   "{{ users['no-reply'].email }}"
 
 # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
-EMAIL_USE_TLS   =   "{{ SYSTEM_EMAIL.TLS | capitalize }}"         # use TLS (secure) connection with the SMTP server
-EMAIL_USE_SSL   =   "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
+EMAIL_USE_TLS   =   "{{ SYSTEM_EMAIL.TLS | capitalize }}"                   # use TLS (secure) connection with the SMTP server
+EMAIL_USE_SSL   =   "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}"   # use implicit TLS (secure) connection with the SMTP server
 
 RABBITMQ_USER=taiga
 RABBITMQ_PASS=taiga
@@ -49,7 +48,7 @@ ENABLE_TELEMETRY    =   True
 
 {% if applications | get_app_conf(application_id, 'features.oidc', False) %}
 
-{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
+{% if applications | get_app_conf(application_id, 'oidc.flavor') == 'taigaio' %}
 
 # OIDC via taigaio official contrib
 # @See https://github.com/taigaio/taiga-contrib-oidc-auth
@@ -65,14 +64,14 @@ OIDC_OP_JWKS_ENDPOINT="{{ OIDC.CLIENT.CERTS }}"
 
 {% endif %}
 
-{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram' %}
+{% if TAIGA_FLAVOR_ROBROTHERAM %}
 
 # OIDC via robrotheram
 # @see https://github.com/robrotheram/taiga-contrib-openid-auth
 ENABLE_OPENID=True
 OPENID_URL="{{ OIDC.CLIENT.AUTHORIZE_URL }}"
-OPENID_USER_URL="{{OIDC.CLIENT.USER_INFO_URL}}"
-OPENID_TOKEN_URL="{{OIDC.CLIENT.TOKEN_URL}}"
+OPENID_USER_URL="{{ OIDC.CLIENT.USER_INFO_URL }}"
+OPENID_TOKEN_URL="{{ OIDC.CLIENT.TOKEN_URL }}"
 OPENID_CLIENT_ID="{{ OIDC.CLIENT.ID }}"
 OPENID_CLIENT_SECRET="{{ OIDC.CLIENT.SECRET }}"
 OPENID_NAME="{{ OIDC.BUTTON_TEXT }}"