web-app-taiga: refactor OIDC gating + defaults

- Introduced dedicated variables in vars/main.yml:
  * TAIGA_FLAVOR_TAIGAIO
  * TAIGA_TAIGAIO_ENABLED
- Replaced inline Jinja2 get_app_conf checks with TAIGA_TAIGAIO_ENABLED for
  consistency in tasks, docker-compose template and env file.
- Adjusted env.j2 to use TAIGA_TAIGAIO_ENABLED instead of direct flavor checks.
- Enabled css by default (true instead of false).
- Cleaned up spacing/indentation in config and env.

This improves readability, reduces duplicated logic, and makes it easier to
maintain both OIDC flavors (robrotheram, taigaio).

Conversation: https://chatgpt.com/share/68af65b3-27c0-800f-964f-ff4f2d96ff5d

roles/web-app-taiga/templates/env.j2

@@ -25,8 +25,8 @@ EMAIL_DEFAULT_FROM  =   "{{ users['no-reply'].email }}"         # default email
 DEFAULT_FROM_EMAIL  =   "{{ users['no-reply'].email }}"
 
 # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
-EMAIL_USE_TLS   =   "{{ SYSTEM_EMAIL.TLS | capitalize }}"                   # use TLS (secure) connection with the SMTP server
-EMAIL_USE_SSL   =   "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}"   # use implicit TLS (secure) connection with the SMTP server
+EMAIL_USE_TLS       =   "{{ SYSTEM_EMAIL.TLS | capitalize }}"                   # use TLS (secure) connection with the SMTP server
+EMAIL_USE_SSL       =   "{{ 'False' if SYSTEM_EMAIL.START_TLS else 'True' }}"   # use implicit TLS (secure) connection with the SMTP server
 
 RABBITMQ_USER=taiga
 RABBITMQ_PASS=taiga
@@ -46,9 +46,9 @@ MAX_AGE             =   360
 # Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
 ENABLE_TELEMETRY    =   True
 
-{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
+{% if TAIGA_OIDC_ENABLED %}
 
-{% if applications | get_app_conf(application_id, 'oidc.flavor') == 'taigaio' %}
+{% if TAIGA_TAIGAIO_ENABLED %}
 
 # OIDC via taigaio official contrib
 # @See https://github.com/taigaio/taiga-contrib-oidc-auth