feat(web-app-drupal): add Drupal role, OIDC config, and wiring

- networks: add web-app-drupal subnet 192.168.104.80/28
- ports: map localhost http port 8060
- add role files: tasks, vars, schema, users, templates (Dockerfile, docker-compose, settings.local.php, upload.ini)
- add docs: README.md and Administration.md

Ref: https://chatgpt.com/share/690535c5-b55c-800f-8556-5335a6b8a33f

roles/web-app-drupal/templates/Dockerfile.j2

@@ -0,0 +1,75 @@
+FROM {{ DRUPAL_IMAGE }}:{{ DRUPAL_VERSION }}
+
+# -------------------------------------------------------------------
+# System dependencies (mail support + basic tools)
+# -------------------------------------------------------------------
+RUN apt-get update && \
+    apt-get install -y msmtp msmtp-mta git unzip zip less nano curl vim && \
+    rm -rf /var/lib/apt/lists/*
+
+# -------------------------------------------------------------------
+# Install Composer
+# -------------------------------------------------------------------
+RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
+ && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
+ && rm composer-setup.php
+
+ENV COMPOSER_ALLOW_SUPERUSER=1
+
+# -------------------------------------------------------------------
+# Build Drupal project with Drush + OpenID Connect
+# IMPORTANT:
+# - The Drupal base image uses /var/www/html as a symlink to /opt/drupal/web
+# - Therefore, the actual project root must be placed in /opt/drupal
+# -------------------------------------------------------------------
+RUN set -eux; \
+    builddir="$(mktemp -d)"; \
+    composer create-project --no-interaction --no-ansi --no-progress drupal/recommended-project:^10 "$builddir"; \
+    composer --working-dir="$builddir" require -n drush/drush:^13 drupal/openid_connect:^1; \
+    rm -rf /opt/drupal/* /opt/drupal/.[!.]* /opt/drupal/..?* 2>/dev/null || true; \
+    mkdir -p /opt/drupal; \
+    cp -a "$builddir"/. /opt/drupal/; \
+    rm -rf "$builddir"
+
+# -------------------------------------------------------------------
+# Make vendor binaries available in PATH
+# -------------------------------------------------------------------
+ENV PATH="/opt/drupal/vendor/bin:${PATH}"
+
+# -------------------------------------------------------------------
+# PHP upload configuration
+# -------------------------------------------------------------------
+COPY {{ DRUPAL_CONFIG_UPLOAD_REL }} $PHP_INI_DIR/conf.d/
+
+# -------------------------------------------------------------------
+# Permissions and ownership fixes
+# -------------------------------------------------------------------
+RUN set -eux; \
+  # Ensure all directories are traversable
+  chmod 755 /var /var/www /opt /opt/drupal; \
+  # Ensure correct ownership for Drupal files
+  chown -R www-data:www-data /opt/drupal; \
+  # Apply default permissions
+  find /opt/drupal -type d -exec chmod 755 {} +; \
+  find /opt/drupal -type f -exec chmod 644 {} +; \
+  # Ensure vendor binaries are executable
+  if [ -d /opt/drupal/vendor/bin ]; then chmod a+rx /opt/drupal/vendor/bin/*; fi; \
+  if [ -f /opt/drupal/vendor/drush/drush/drush ]; then chmod a+rx /opt/drupal/vendor/drush/drush/drush; fi; \
+  # Ensure the docroot (/opt/drupal/web) is accessible
+  if [ -d /opt/drupal/web ]; then \
+    chmod 755 /opt/drupal/web; \
+    find /opt/drupal/web -type d -exec chmod 755 {} +; \
+  fi; \
+  # Ensure settings.local.php exists and is owned by www-data
+  install -o www-data -g www-data -m 640 /dev/null /opt/drupal/web/sites/default/settings.local.php
+
+# -------------------------------------------------------------------
+# Runtime defaults
+# -------------------------------------------------------------------
+USER www-data
+WORKDIR /var/www/html  # symlink pointing to /opt/drupal/web
+
+# -------------------------------------------------------------------
+# Build-time check (optional)
+# -------------------------------------------------------------------
+RUN drush --version