Added Kanidm server configuration to serve as central identity provider for
all services. Configuration includes:
- Server on auth.baduhai.dev with HTTPS
- LDAP support on port 636 for legacy integrations
- Nginx reverse proxy with SSL termination
- Added to shared services for DNS resolution
Kanidm will provide OAuth2/OIDC authentication for Nextcloud, Vaultwarden,
Forgejo, and other services.
