Rename OIDC strategy from :rauthy to :oidc, update callback path

- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc;
  generated actions are now register_with_oidc / sign_in_with_oidc.
- Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs.
- Update default_redirect_uri to /auth/user/oidc/callback everywhere.
- Rename Mv.Accounts helper functions accordingly.
- Update Mv.Secrets, AuthController, link_oidc_account_live and all tests.
- Update docker-compose.prod.yml, .env.example, README and docs.

IMPORTANT: OIDC providers must be updated to use the new redirect URI
/auth/user/oidc/callback instead of /auth/user/rauthy/callback.

test/accounts/user_authentication_test.exs

@@ -103,13 +103,13 @@ defmodule Mv.Accounts.UserAuthenticationTest do
         "preferred_username" => "oidc.user@example.com"
       }
 
-      # Use sign_in_with_rauthy to find user by oidc_id
+      # Use sign_in_with_oidc to find user by oidc_id
       # Note: This test will FAIL until we implement the security fix
       # that changes the filter from email to oidc_id
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       result =
-        Mv.Accounts.read_sign_in_with_rauthy(
+        Mv.Accounts.read_sign_in_with_oidc(
           %{
             user_info: user_info,
             oauth_tokens: %{}
@@ -145,11 +145,11 @@ defmodule Mv.Accounts.UserAuthenticationTest do
         "preferred_username" => "newuser@example.com"
       }
 
-      # Should create via register_with_rauthy
+      # Should create via register_with_oidc
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       {:ok, new_user} =
-        Mv.Accounts.create_register_with_rauthy(
+        Mv.Accounts.create_register_with_oidc(
           %{
             user_info: user_info,
             oauth_tokens: %{}
@@ -196,8 +196,8 @@ defmodule Mv.Accounts.UserAuthenticationTest do
 
   describe "Mixed authentication scenarios" do
     @tag :test_proposal
-    test "user with oidc_id cannot be found by email-only query in sign_in_with_rauthy" do
-      # This test verifies the security fix: sign_in_with_rauthy should NOT
+    test "user with oidc_id cannot be found by email-only query in sign_in_with_oidc" do
+      # This test verifies the security fix: sign_in_with_oidc should NOT
       # match users by email, only by oidc_id
 
       _user =
@@ -218,7 +218,7 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       result =
-        Mv.Accounts.read_sign_in_with_rauthy(
+        Mv.Accounts.read_sign_in_with_oidc(
           %{
             user_info: user_info,
             oauth_tokens: %{}
@@ -238,12 +238,12 @@ defmodule Mv.Accounts.UserAuthenticationTest do
           :ok
 
         other ->
-          flunk("sign_in_with_rauthy should not match by email alone, got: #{inspect(other)}")
+          flunk("sign_in_with_oidc should not match by email alone, got: #{inspect(other)}")
       end
     end
 
     @tag :test_proposal
-    test "password user (oidc_id=nil) is not found by sign_in_with_rauthy" do
+    test "password user (oidc_id=nil) is not found by sign_in_with_oidc" do
       # Create a password-only user
       _user =
         create_test_user(%{
@@ -262,7 +262,7 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       system_actor = Mv.Helpers.SystemActor.get_system_actor()
 
       result =
-        Mv.Accounts.read_sign_in_with_rauthy(
+        Mv.Accounts.read_sign_in_with_oidc(
           %{
             user_info: user_info,
             oauth_tokens: %{}
@@ -283,7 +283,7 @@ defmodule Mv.Accounts.UserAuthenticationTest do
 
         other ->
           flunk(
-            "Password-only user should not be found by sign_in_with_rauthy, got: #{inspect(other)}"
+            "Password-only user should not be found by sign_in_with_oidc, got: #{inspect(other)}"
           )
       end
     end