Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.

- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.

See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d

roles/web-app-espocrm/templates/env.j2

@@ -63,13 +63,13 @@ ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['contact'].email }}
 # ------------------------------------------------
 {% if applications | get_app_conf(application_id, 'features.ldap', False) %}
 ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Ldap
-ESPOCRM_CONFIG_LDAP_HOST={{ ldap.server.domain }}
-ESPOCRM_CONFIG_LDAP_PORT={{ ldap.server.port }}
+ESPOCRM_CONFIG_LDAP_HOST={{ LDAP.SERVER.DOMAIN }}
+ESPOCRM_CONFIG_LDAP_PORT={{ LDAP.SERVER.PORT }}
 # ESPOCRM_CONFIG_LDAP_SECURITY: "", SSL or TLS
-ESPOCRM_CONFIG_LDAP_SECURITY={{ ldap.server.security }}         
-ESPOCRM_CONFIG_LDAP_USERNAME={{ ldap.dn.administrator.data }}
-ESPOCRM_CONFIG_LDAP_PASSWORD={{ ldap.bind_credential }}
-ESPOCRM_CONFIG_LDAP_BASE_DN={{ ldap.dn.ou.users }}
+ESPOCRM_CONFIG_LDAP_SECURITY={{ LDAP.SERVER.SECURITY }}         
+ESPOCRM_CONFIG_LDAP_USERNAME={{ LDAP.DN.ADMINISTRATOR.DATA }}
+ESPOCRM_CONFIG_LDAP_PASSWORD={{ LDAP.BIND_CREDENTIAL }}
+ESPOCRM_CONFIG_LDAP_BASE_DN={{ LDAP.DN.OU.USERS }}
 ESPOCRM_CONFIG_LDAP_USER_LOGIN_FILTER=(sAMAccountName=%USERNAME%)
 {% endif %}