sec: disable Vaultwarden open signups, add admin token

- signupsAllowed: false - prevents public registration
- invitationsAllowed: false - prevents invitation abuse
- adminToken from Secret for /admin panel access

clusters/lab/apps/vaultwarden.yaml

@@ -30,8 +30,15 @@ spec:
         kind: HelmRepository
         name: vaultwarden
       interval: 1h
+  valuesFrom:
+  - kind: Secret
+    name: vaultwarden-admin
+    valuesKey: ADMIN_TOKEN
+    targetPath: adminToken.value
   values:
     domain: "https://vault.davidepiu.xyz"
+    signupsAllowed: false
+    invitationsAllowed: false
     ingress:
       enabled: true
       class: traefik