feat(vmis): 租戶自動開通完整流程 + Admin Portal SSO + NC 行事曆訂閱

Backend:
- schedule_tenant: NC 新容器自動 pgsql 安裝 (_nc_db_check 全新容器處理)
- schedule_tenant: NC 初始化加入 Redis + APCu memcache 設定 (修正 OIDC invalid_state)
- schedule_tenant: 新租戶 KC realm 自動設定 accessCodeLifespan=600s (修正 authentication_expired)
- schedule_account: NC Mail 帳號自動設定 (nc_mail_result/nc_mail_done_at)
- schedule_account: NC 台灣國定假日行事曆自動訂閱 (CalDAV MKCALENDAR)
- nextcloud_client: 新增 subscribe_calendar() CalDAV 訂閱方法
- settings: 新增系統設定 API (site_title/version/timezone/SSO/Keycloak)
- models/result: 新增 nc_mail_result, nc_mail_done_at 欄位
- alembic: 遷移 002(system_settings) 003(keycloak_admin) 004(nc_mail_result)

Frontend (Admin Portal):
- 新增完整管理後台 (index/tenants/accounts/servers/schedules/logs/settings/system-status)
- api.js: Keycloak JS Adapter SSO 整合 (PKCE/S256, fallback KC JS 來源, 自動 token 更新)
- index.html: Promise.allSettled 取代 Promise.all，防止單一 API 失敗影響整頁
- 所有頁面加入 try/catch + toast 錯誤處理
- 新增品牌 LOGO 與 favicon

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/alembic/versions/002_add_system_settings.py

@@ -0,0 +1,33 @@
+"""add system_settings table
+
+Revision ID: 002
+Revises: 001
+Create Date: 2026-03-14
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = '002'
+down_revision = '001'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        'system_settings',
+        sa.Column('id',              sa.Integer(),     nullable=False),
+        sa.Column('site_title',      sa.String(200),   nullable=False, server_default='VMIS Admin Portal'),
+        sa.Column('version',         sa.String(50),    nullable=False, server_default='2.0.0'),
+        sa.Column('timezone',        sa.String(100),   nullable=False, server_default='Asia/Taipei'),
+        sa.Column('sso_enabled',     sa.Boolean(),     nullable=False, server_default='false'),
+        sa.Column('keycloak_url',    sa.String(200),   nullable=False, server_default='https://auth.lab.taipei'),
+        sa.Column('keycloak_realm',  sa.String(100),   nullable=False, server_default='vmis-admin'),
+        sa.Column('keycloak_client', sa.String(100),   nullable=False, server_default='vmis-portal'),
+        sa.Column('updated_at',      sa.DateTime(),    nullable=False, server_default=sa.text('NOW()')),
+        sa.PrimaryKeyConstraint('id'),
+    )
+
+
+def downgrade() -> None:
+    op.drop_table('system_settings')

backend/alembic/versions/003_add_keycloak_admin_credentials.py

@@ -0,0 +1,25 @@
+"""add keycloak admin credentials to system_settings
+
+Revision ID: 003
+Revises: 002
+Create Date: 2026-03-14
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = '003'
+down_revision = '002'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.add_column('system_settings',
+        sa.Column('keycloak_admin_user', sa.String(100), nullable=False, server_default='admin'))
+    op.add_column('system_settings',
+        sa.Column('keycloak_admin_pass', sa.String(200), nullable=False, server_default=''))
+
+
+def downgrade() -> None:
+    op.drop_column('system_settings', 'keycloak_admin_pass')
+    op.drop_column('system_settings', 'keycloak_admin_user')

backend/alembic/versions/004_add_nc_mail_result.py

@@ -0,0 +1,23 @@
+"""add nc_mail_result to account_schedule_results
+
+Revision ID: 004
+Revises: 003
+Create Date: 2026-03-15
+"""
+from alembic import op
+import sqlalchemy as sa
+
+revision = "004"
+down_revision = "003"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column("account_schedule_results", sa.Column("nc_mail_result", sa.Boolean(), nullable=True))
+    op.add_column("account_schedule_results", sa.Column("nc_mail_done_at", sa.DateTime(), nullable=True))
+
+
+def downgrade():
+    op.drop_column("account_schedule_results", "nc_mail_done_at")
+    op.drop_column("account_schedule_results", "nc_mail_result")