Helm chart supports OAuth service tokens and Atlas workload identity

The Tuist Helm chart can now be configured with static OAuth service clients for issuing short-lived service tokens. This enables internal services, such as Atlas, to authenticate to Tuist Server without needing a dedicated user account per customer. The chart supports passing the JWKS, issuer, audience, namespace, service account, and max TTL needed to verify Atlas Kubernetes workload identity tokens. For managed production, these settings are already wired in so Atlas can call internal APIs securely from its own cluster.