Add Keycloak and Okta SSO configuration and sign-in UI

[initstring]

Motivation

• Expand SSO support beyond Google so teams can use Keycloak or Okta as OAuth providers.
• Surface required env variables and documentation so operators can configure Keycloak/Okta in dev and production environments.

Description

• Register Keycloak and Okta providers in the NextAuth config and treat them alongside Google for OAuth validation (src/server/auth/config.ts).
• Extend the server env schema and runtime mapping to include KEYCLOAK_* and OKTA_* variables (src/env.ts).
• Update the sign-in UI and page to expose provider-specific buttons and enablement flags for Keycloak and Okta (src/features/shared/auth/sign-in-page.tsx, src/app/(public-routes)/auth/signin/page.tsx).
• Add commented example env entries to .env.example-dev and deploy/docker/.env.example-prod, and clarify supported SSO providers in docs/installation.md.

Testing

• Ran npm run check (ESLint + TypeScript checks) which completed successfully.
• Ran npm run test which failed due to Prisma being unable to connect to a local database (localhost:5432), so full test-suite validations requiring the DB were not executed.

---

Codex Task

[initstring]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Keep them coming!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".