refactor: absorb ZTVP RHBK config into rh-keycloak wrapper (#146)

* refactor: absorb ZTVP-specific RHBK config into rh-keycloak wrapper

Move all ZTVP-specific configuration from the generic rhbk subchart
into the rh-keycloak wrapper values: full ZTVP realm definition,
realm import placeholders, extra secrets (keycloak-users, ACS OIDC,
RHTPA CLI OIDC), SPIFFE Identity Provider enablement, and vault paths.

Update rh-keycloak Chart.yaml to depend on rhbk >=0.1.0 (generalized).

Also fix pipeline git-clone basic-auth workspace binding to be
conditional on git.credentials.enabled, preventing failures when
cloning public repos without credentials configured.

Signed-off-by: Min Zhang <minzhang@redhat.com>

* fix: use canonical duration format for refreshInterval

Kubernetes normalizes Go duration strings (e.g. "1h" -> "1h0m0s") when
storing ExternalSecret CRs, causing ArgoCD to detect a perpetual diff
and mark resources as OutOfSync. Use the fully-qualified "1h0m0s" format
so the desired manifest matches the live state exactly.

Signed-off-by: Min Zhang <minzhang@redhat.com>

---------

Signed-off-by: Min Zhang <minzhang@redhat.com>

Author: minmzzhang

charts/rh-keycloak/Chart.yaml

@@ -1,11 +1,11 @@
 apiVersion: v2
 name: rh-keycloak
-description: ZTVP Keycloak deployment — wraps the rhbk chart with short-lived ExternalSecret lifecycle via ArgoCD hooks
+description: ZTVP Keycloak deployment — wraps the generic rhbk chart with ZTVP realm configuration and ArgoCD hook lifecycle
 type: application
-version: 0.1.0
+version: 0.2.0
 dependencies:
   - name: rhbk
-    version: ">=0.0.12"
+    version: ">=0.1.0"
     repository: "oci://quay.io/validatedpatterns"
 maintainers:
   - name: Zero Trust Validated Patterns Team