feat: Move structure to OIDC auth

[isTravis]

Switches authentication from local username/password to KF Auth (OIDC SSO). Adds supporting infrastructure (profile caching, org syncing, internal summary API) and migrates the database schema accordingly.

Also reformats the codebase (dprint replaced with oxfmt), adds an MIT license, and updates the README for accuracy and public-facing clarity.

Auth

• Integrate KF Auth as the sole authentication provider (OIDC flow)
• Add src/api/kf-auth.ts and src/lib/kf-auth.server.ts for token exchange and session management
• Add src/lib/kf-orgs.server.ts for org membership syncing
• Add src/lib/kf-profile-cache.server.ts for caching user profiles
• Add src/api/kf-summary.ts internal service-to-service endpoint
• DB migrations 0007-0011 for KF auth schema changes

Tooling

• Replace dprint with oxfmt (remove dprint.json, add .oxfmtrc.json)
• Reformat all source files to new style

Dev environment

• Rework dev.sh to decrypt .env.local from SOPS and auto-find available ports
• Restructure encrypted env files (.env.enc renamed to .env.prod.enc, add .env.local.enc)
• Add retry loop to migration runner
• Update docker-compose files (remove MinIO, clean up env handling)

Open-source prep

• Add MIT LICENSE file
• Rewrite README intro, fix inaccuracies (Postgres version, port numbers, secret script names, GitHub secrets list)
• Add CI workflow step for the new env layout