Document and validate external Keycloak/RHBK configuration requirements

Also, get rid of jwtAuth.keycloak.installed and jwtAuth.keycloak.namespace. 

Require specific attributes required for the chart to operate.

Scope:

• Create documentation for required Keycloak realm/client setup: realm name, client ID, client scopes, audience mappers, redirect URIs

• Document required token claims (org_id, account_number, aud) that the Envoy Lua filter expects

• Add values validation (e.g., fail if jwtAuth.keycloak.url is empty and Keycloak is not auto-detected)

• Test with a pre-existing Keycloak instance (not deployed by install script)

• Update install-helm-chart.sh to skip RHBK operator deployment when external URL is provided

Estimate: Low-Medium (mostly documentation + install-script gating)