fix(auth): 🔒️ Update redirect URIs for OAuth clients

Removes the public client configuration and updates the Grafana redirect URI to the correct domain.

Modifies OAuth scopes to include groups for improved permission management.

otc/observability.t09.de/stacks/core/dex/values.yaml

@@ -59,11 +59,6 @@ config:
   enablePasswordDB: false
 
   staticClients:
-    - id: public-client
-      public: true
-      name: 'Public Client'
-      redirectURIs:
-        - 'https://localhost/oidc/callback'
     - id: controller-argocd-dex
       name: ArgoCD Client
       redirectURIs:
@@ -71,6 +66,6 @@ config:
       secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
     - id: grafana
       redirectURIs:
-        - "https://localhost/login/generic_oauth"
+        - "https://grafana.observability.t09.de/login/generic_oauth"
       name: "Grafana"
       secret: "thisisasecret"