Refactor and cleanup OIDC, desktop, and web-app roles

- Improved OIDC variable definitions (12_oidc.yml)
- Added account/security/profile URLs
- Restructured web-app-desktop tasks and JS handling
- Introduced oidc.js and iframe.js with runtime loader
- Fixed nginx.conf, LDAP, and healthcheck templates spacing
- Improved Lua injection for CSP and snippets
- Fixed typos (WordPress, receive, etc.)
- Added silent-check-sso nginx location

Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3

roles/web-app-desktop/templates/menu/applications.yml.j2

@@ -24,31 +24,7 @@ applications:
             icon: {{ app.icon }}
             url: {{ app.url }}
             iframe: {{ app.iframe }}
-            {% if app.title == 'Keycloak' %}
-            {% set keycloak_url = domains | get_url('web-app-keycloak', WEB_PROTOCOL) %}
-            {{ domains | get_url(application_id, WEB_PROTOCOL) }}
-            children:
-              - name: Administration
-                description: Access the central admin console
-                icon:
-                  class: fa-solid fa-shield-halved
-                url: {{ keycloak_url }}/admin
-                iframe: {{ applications | get_app_conf( 'web-app-keycloak', 'features.desktop', False) }}
-              - name: Profile
-                description: Update your personal admin settings
-                icon:
-                  class: fa-solid fa-user-gear
-                url: {{ keycloak_url }}/realms/{{ OIDC.CLIENT.ID }}/account
-                iframe: {{ applications | get_app_conf( 'web-app-keycloak', 'features.desktop', False) }}
-              - name: Logout
-                description: End your admin session securely
-                icon:
-                  class: fa-solid fa-right-from-bracket
-                url: {{ keycloak_url }}/realms/{{ OIDC.CLIENT.ID }}/protocol/openid-connect/logout
-                iframe: false
-
-            {% endif %}
-
+            
         {% endfor %}
 
     {% endfor %}