Description
The Grafana helm chart proxy currently assumes the workload is using Traefik Forward Auth and applies a TFA annotation to its ingress: https://github.com/rstudio/ptd/blob/e776e44b3f7ffeb6233f3d4ac42f4757c353cdff/ptd/src/ptd/pulumi_resources/aws_control_room_capi_hcp.py#L744
We should update this logic to work with Keycloak so that Keycloak workloads with no TFA are able to serve the Grafana page to users.
See: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
Out of scope for this issue, we should have all sites defaulting to Keycloak and get rid of TFA as this was an early pass to enable easy Okta auth for Posit folks. Depending on when that happens, this Grafana helm chart proxy should either be smart enough to configure TFA or Keycloak, or just assume Keycloak (see: https://github.com/rstudio/ptd/issues/1601)