feat: register OIDC redirect URIs for provisioned tenant servers

During tenant provisioning, adds /t/{slug}/oidc/callback to the Logto
Traditional Web App's registered redirect URIs. This enables the
server's OIDC login flow to work when accessed via Traefik routing.

Also reads tradAppId from bootstrap JSON via LogtoConfig.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/test/java/net/siegeln/cameleer/saas/vendor/VendorTenantServiceTest.java

@@ -1,8 +1,10 @@
 package net.siegeln.cameleer.saas.vendor;
 
 import net.siegeln.cameleer.saas.audit.AuditService;
+import net.siegeln.cameleer.saas.identity.LogtoConfig;
 import net.siegeln.cameleer.saas.identity.LogtoManagementClient;
 import net.siegeln.cameleer.saas.identity.ServerApiClient;
+import net.siegeln.cameleer.saas.provisioning.ProvisioningProperties;
 import net.siegeln.cameleer.saas.license.LicenseEntity;
 import net.siegeln.cameleer.saas.license.LicenseService;
 import net.siegeln.cameleer.saas.provisioning.ProvisionResult;
@@ -53,6 +55,9 @@ class VendorTenantServiceTest {
     @Mock
     private LogtoManagementClient logtoClient;
 
+    @Mock
+    private LogtoConfig logtoConfig;
+
     @Mock
     private AuditService auditService;
 
@@ -60,9 +65,14 @@ class VendorTenantServiceTest {
 
     @BeforeEach
     void setUp() {
+        var provisioningProps = new ProvisioningProperties(
+            "img", "uiimg", "net", "traefik", "localhost", "https",
+            "jdbc:postgresql://pg:5432/db", "https://localhost/oidc",
+            "http://logto:3001/oidc/jwks", "https://localhost");
         vendorTenantService = new VendorTenantService(
                 tenantService, tenantRepository, licenseService,
-                tenantProvisioner, serverApiClient, logtoClient, auditService);
+                tenantProvisioner, serverApiClient, logtoClient, logtoConfig,
+                auditService, provisioningProps);
     }
 
     // --- Helpers ---