Refactor OpenProject role:

- Add CPU, memory and PID limits to all services in config/main.yml to prevent OOM
- Replace old LDAP admin bootstrap with new 02_admin.yml using OPENPROJECT_ADMINISTRATOR_* vars
- Standardize variable names (uppercase convention)
- Fix HTTPS/HSTS port check (443 instead of 433)
- Allow docker_restart_policy override in base.yml.j2
- Cleanup redundant LDAP admin runner in 01_ldap.yml
See: https://chatgpt.com/share/68d40c6e-ab9c-800f-a4a0-d9338d8c1b32

roles/web-app-openproject/vars/ldap.yml

@@ -9,9 +9,9 @@ openproject_ldap:
   attr_firstname:         "givenName"                                 # LDAP attribute for first name
   attr_lastname:          "{{ LDAP.USER.ATTRIBUTES.SURNAME }}"             # LDAP attribute for last name
   attr_mail:              "{{ LDAP.USER.ATTRIBUTES.MAIL }}"                # LDAP attribute for email
-  attr_admin:             "{{ openproject_filters.administrators }}"  # Optional: LDAP attribute for admin group (leave empty if unused)
+  attr_admin:             "{{ OPENPROJECT_LDAP_FILTERS.ADMINISTRATORS }}"  # Optional: LDAP attribute for admin group (leave empty if unused)
   onthefly_register:      true                                        # Automatically create users on first login
   tls_mode:               0                                           # 0 = No TLS, 1 = TLS, 2 = STARTTLS
   verify_peer:            false                                       # Whether to verify the SSL certificate
-  filter_string:          "{{ openproject_filters.users }}"           # Optional: Custom filter for users (e.g., "(objectClass=person)")
+  filter_string:          "{{ OPENPROJECT_LDAP_FILTERS.USERS }}"           # Optional: Custom filter for users (e.g., "(objectClass=person)")
   tls_certificate_string: ""                                          # Optional: Client certificate string for TLS (usually left empty)