feat(web-app-drupal): add Drupal role, OIDC config, and wiring

- networks: add web-app-drupal subnet 192.168.104.80/28
- ports: map localhost http port 8060
- add role files: tasks, vars, schema, users, templates (Dockerfile, docker-compose, settings.local.php, upload.ini)
- add docs: README.md and Administration.md

Ref: https://chatgpt.com/share/690535c5-b55c-800f-8556-5335a6b8a33f

roles/web-app-drupal/vars/oidc.yml

@@ -0,0 +1,33 @@
+# OIDC configuration for Drupal's OpenID Connect module.
+
+# Global settings for openid_connect.settings
+
+oidc_settings:
+  automatic_account_creation:        true        # Auto-create users on first login
+  always_save_userinfo:              true        # Store latest userinfo on each login
+  link_existing_users:               true        # Match existing users by email
+  login_display:                     "button"    # 'button' or 'form'
+  enforced:                          false       # If true, require login for the whole site
+
+# OIDC client entity (e.g., 'keycloak')
+
+oidc_client:
+  id:                                "keycloak"
+  label:                             "Keycloak"
+  settings:
+    client_id:                       "{{ OIDC.CLIENT.ID }}"
+    client_secret:                   "{{ OIDC.CLIENT.SECRET }}"
+    authorization_endpoint:          "{{ OIDC.CLIENT.AUTHORIZE_URL }}"
+    token_endpoint:                  "{{ OIDC.CLIENT.TOKEN_URL }}"
+    userinfo_endpoint:               "{{ OIDC.CLIENT.USER_INFO_URL }}"
+    end_session_endpoint:            "{{ OIDC.CLIENT.LOGOUT_URL }}"
+    scopes:
+      - "openid"
+      - "email"
+      - "profile"
+    use_standard_claims:             true
+# Optional claim mapping examples:
+# username_claim:                "{{ OIDC.ATTRIBUTES.USERNAME }}"
+# email_claim:                   "{{ OIDC.ATTRIBUTES.EMAIL }}"
+# given_name_claim:              "{{ OIDC.ATTRIBUTES.GIVEN_NAME }}"
+# family_name_claim:             "{{ OIDC.ATTRIBUTES.FAMILY_NAME }}"