Add Linkding OIDC via Authelia, fix jwks key name in config

- linkding: add OIDC env vars pointing to Authelia as identity provider
- authelia/config: fix issuer_private_keys → jwks (correct key for 4.38.x)
  and replace non-functional template function with host-managed note

authelia/config/configuration.yaml

@@ -51,3 +51,28 @@ regulation:
   max_retries: 3
   find_time: 2m
   ban_time: 5m
+
+identity_providers:
+  oidc:
+    hmac_secret: ${AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}
+    jwks:
+      - key_id: main
+        algorithm: RS256
+        use: sig
+        # key: HOST-MANAGED — inline /srv/authelia/config/oidc.key contents here in the
+        # host copy (/srv/authelia/config/configuration.yml). Never commit the key to git.
+        # Generate with: openssl genrsa -out /srv/authelia/config/oidc.key 4096
+    clients:
+      - client_id: linkding
+        client_name: Linkding
+        client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING}'
+        public: false
+        authorization_policy: one_factor
+        redirect_uris:
+          - https://linkding.kolpacksoftware.com/oidc/callback/
+        scopes:
+          - openid
+          - profile
+          - email
+          - groups
+        userinfo_signed_response_alg: none