Refactor Akaunting role and CSP handling

- Improved CSP filter to properly include web-svc-cdn and use protocol-aware domains
- Added Todo.md with redis and OIDC notes
- Enhanced Akaunting role config with CSP flags and redis option
- Updated schema to include app_key validation
- Reworked tasks to handle first-run marker logic cleanly
- Fixed docker-compose template (marker, healthcheck, setup flag)
- Expanded env.j2 with cache, email, proxy, and redis options
- Added javascript.js.j2 template for SSO warning
- Introduced structured vars for Akaunting role
- Removed deprecated update-repository-with-files.yml task

See conversation: https://chatgpt.com/share/68af00df-2c74-800f-90b6-6ac5b29acdcb

roles/web-app-akaunting/templates/env.j2

@@ -1,22 +1,55 @@
-# You should change this to match your reverse proxy DNS name and protocol
-APP_URL={{ domains | get_url(application_id, WEB_PROTOCOL) }}
+# https://github.com/akaunting/akaunting/blob/master/.env.example
+APP_URL={{ AKAUNTING_URL }}
+
+# Locales
 LOCALE={{ HOST_LL }}
+TIMEZONE={{ HOST_TIMEZONE }}
+
+# Environment
+APP_DEBUG={{ MODE_DEBUG | lower }}
+APP_ENV={{ ENVIRONMENT }}
 
 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)
 DB_HOST={{ database_host }}
-
-# Change these to match env/db.env
 DB_DATABASE={{ database_name }}
 DB_USERNAME={{ database_username }}
 DB_PASSWORD={{ database_password }}
-
-# You should change this to a random string of three numbers or letters followed by an underscore
+DB_PORT={{ database_port }}
+DB_CONNECTION=mysql
 DB_PREFIX=asd_
 
+# Proxy
+TRUSTED_PROXIES=*
+TRUSTED_HEADERS=X_FORWARDED_FOR,X_FORWARDED_HOST,X_FORWARDED_PORT,X_FORWARDED_PROTO
+
 # These define the first company to exist on this instance. They are only used during setup.
-COMPANY_NAME={{applications | get_app_conf(application_id, 'company.name', True)}}
-COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company.email', True)}}
+COMPANY_NAME={{ AKAUNTING_COMPANY_NAME }}
+COMPANY_EMAIL={{ AKAUNTING_COMPANY_EMAIL }}
+
+# Credentials
+APP_KEY={{ AKAUNTING_APP_KEY }}
 
 # This will be the first administrative user created on setup.
-ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}
-ADMIN_PASSWORD={{applications | get_app_conf(application_id, 'credentials.setup_admin_password', True)}}
+ADMIN_EMAIL={{ AKAUNTING_ADMIN_EMAIL }}
+ADMIN_PASSWORD={{ AKAUNTING_ADMIN_PASSWORD }}
+
+# Cache
+CACHE_DRIVER={{ AKAUNTING_CACHE_DRIVER }}
+SESSION_DRIVER={{ AKAUNTING_CACHE_DRIVER }}
+QUEUE_CONNECTION={{ 'sync' if AKAUNTING_CACHE_DRIVER == 'file' else AKAUNTING_CACHE_DRIVER }}
+{% if AKAUNTING_CACHE_DRIVER == 'redis' %}
+REDIS_CLIENT=phpredis
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+{% endif %}
+
+# Email
+MAIL_MAILER={{ 'smtp' if SYSTEM_EMAIL.SMTP else 'sendmail' }}
+MAIL_HOST={{ SYSTEM_EMAIL.HOST }}
+MAIL_PORT={{ SYSTEM_EMAIL.PORT }}
+MAIL_USERNAME={{ users['no-reply'].email }}
+MAIL_PASSWORD={{ users['no-reply'].mailu_token }}
+MAIL_ENCRYPTION={{ SYSTEM_EMAIL.TLS | ternary("tls","null") }}
+MAIL_FROM_ADDRESS={{ AKAUNTING_COMPANY_EMAIL }}
+MAIL_FROM_NAME={{ AKAUNTING_COMPANY_NAME }}