Rename OIDC strategy from :rauthy to :oidc, update callback path

- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc;
  generated actions are now register_with_oidc / sign_in_with_oidc.
- Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs.
- Update default_redirect_uri to /auth/user/oidc/callback everywhere.
- Rename Mv.Accounts helper functions accordingly.
- Update Mv.Secrets, AuthController, link_oidc_account_live and all tests.
- Update docker-compose.prod.yml, .env.example, README and docs.

IMPORTANT: OIDC providers must be updated to use the new redirect URI
/auth/user/oidc/callback instead of /auth/user/rauthy/callback.

config/runtime.exs

@@ -129,8 +129,7 @@ if config_env() == :prod do
   config :mv, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
 
   # OIDC configuration (works with any OIDC provider: Authentik, Rauthy, Keycloak, etc.)
-  # Note: The strategy is named :rauthy internally, but works with any OIDC provider.
-  # The redirect_uri callback path is always /auth/user/rauthy/callback regardless of provider.
+  # The redirect_uri callback path is /auth/user/oidc/callback.
   #
   # Supports OIDC_CLIENT_SECRET or OIDC_CLIENT_SECRET_FILE for Docker secrets.
   # OIDC_CLIENT_SECRET is required only if OIDC is being used (indicated by explicit OIDC env vars).
@@ -150,9 +149,9 @@ if config_env() == :prod do
 
   # Build redirect_uri: use OIDC_REDIRECT_URI if set, otherwise build from host.
   # Uses HTTPS since production runs behind TLS termination.
-  default_redirect_uri = "https://#{host}/auth/user/rauthy/callback"
+  default_redirect_uri = "https://#{host}/auth/user/oidc/callback"
 
-  config :mv, :rauthy,
+  config :mv, :oidc,
     client_id: oidc_client_id || "mv",
     base_url: oidc_base_url || "http://localhost:8080/auth/v1",
     client_secret: client_secret,