feat: deploy Wave 1 - Vaultwarden, Uptime Kuma, Trivy Operator, Authelia

GitOps manifests for security stack Wave 1:
- Vaultwarden (vault.davidepiu.xyz) - password manager
- Uptime Kuma (status.davidepiu.xyz) - uptime monitoring
- Trivy Operator - vulnerability scanning
- Authelia (auth.davidepiu.xyz) - SSO + 2FA

All with NetworkPolicies for Traefik ingress.

clusters/lab/security/trivy-operator.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: aquasecurity
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://aquasecurity.github.io/helm-charts/
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: trivy-operator
+  namespace: flux-system
+spec:
+  interval: 1h
+  targetNamespace: trivy-system
+  install:
+    createNamespace: true
+  chart:
+    spec:
+      chart: trivy-operator
+      sourceRef:
+        kind: HelmRepository
+        name: aquasecurity
+      interval: 1h
+  values:
+    trivy:
+      resources:
+        requests:
+          cpu: 10m
+          memory: 64Mi
+        limits:
+          cpu: 500m
+          memory: 512Mi
+    operator:
+      scanJobsConcurrentLimit: 1
+      vulnerabilityScannerScanOnlyCurrentRevisions: true
+    compliance:
+      cron: ""
+    nodeCollector:
+      excludeNodes: ""
+    serviceMonitor:
+      enabled: false