Refactor and cleanup OIDC, desktop, and web-app roles

- Improved OIDC variable definitions (12_oidc.yml)
- Added account/security/profile URLs
- Restructured web-app-desktop tasks and JS handling
- Introduced oidc.js and iframe.js with runtime loader
- Fixed nginx.conf, LDAP, and healthcheck templates spacing
- Improved Lua injection for CSP and snippets
- Fixed typos (WordPress, receive, etc.)
- Added silent-check-sso nginx location

Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3

roles/sys-ctl-hlth-webserver/tasks/01_core.yml

@@ -10,11 +10,12 @@
     name: python-requests
     state: present
 
-- meta: flush_handlers
+- name: "Flush webserver handlers"
+  meta: flush_handlers
 
 - include_role:
     name: sys-service
   vars:
-    system_service_on_calendar: "{{ SYS_SCHEDULE_HEALTH_NGINX }}"
-    system_service_timer_enabled:  true
-    system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_on_calendar:     "{{ SYS_SCHEDULE_HEALTH_NGINX }}"
+    system_service_timer_enabled:   true
+    system_service_tpl_on_failure:  "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"

roles/sys-ctl-hlth-webserver/templates/script.py.j2

@@ -15,12 +15,12 @@ def get_expected_statuses(domain: str, parts: list[str], redirected_domains: set
     Returns:
         A list of expected HTTP status codes.
     """
-    if domain == '{{domains | get_domain('web-app-listmonk')}}':
+    if domain == '{{ domains | get_domain('web-app-listmonk') }}':
         return [404]
     if (parts and parts[0] == 'www') or (domain in redirected_domains):
         return [301]
-    if domain == '{{domains | get_domain('web-app-yourls')}}':
-        return [{{ applications | get_app_conf('web-app-yourls', 'server.status_codes.landingpage', True) }}]
+    if domain == '{{ domains | get_domain('web-app-yourls') }}':
+        return [{{ applications | get_app_conf('web-app-yourls', 'server.status_codes.landingpage') }}]
     return [200, 302, 301]
 
 # file in which fqdn server configs are deposit