Fix Authelia OIDC client secrets using template secret files

- Switch from unsupported \${VAR} substitution to {{ secret "..." }} template syntax
- Enable X_AUTHELIA_CONFIG_FILTERS=template in compose
- Client secrets now loaded from /config/secrets/oidc_* files on host
- Use PBKDF2-SHA512 hashes (not bcrypt, not plaintext)

authelia/config/configuration.yaml

@@ -65,7 +65,7 @@ identity_providers:
     clients:
       - client_id: open-webui
         client_name: Open WebUI
-        client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI}'
+        client_secret: '{{ secret "/config/secrets/oidc_open_webui" }}'
         public: false
         authorization_policy: one_factor
         token_endpoint_auth_method: client_secret_post
@@ -79,7 +79,7 @@ identity_providers:
 
       - client_id: linkding
         client_name: Linkding
-        client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING}'
+        client_secret: '{{ secret "/config/secrets/oidc_linkding" }}'
         public: false
         authorization_policy: one_factor
         token_endpoint_auth_method: client_secret_post