Update OIDC env vars for server's nested oidc.* grouping

Align DockerTenantProvisioner env vars with the server's new
cameleer.server.security.oidc.* namespace:
  CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI
  CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI
  CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE
  CAMELEER_SERVER_SECURITY_OIDC_TLSSKIPVERIFY

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java

@@ -199,9 +199,9 @@ public class DockerTenantProvisioner implements TenantProvisioner {
             "CAMELEER_SERVER_TENANT_ID=" + slug,
             "CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN=" + req.licenseToken(),
             "CAMELEER_SERVER_SECURITY_JWTSECRET=cameleer-dev-jwt-secret-change-in-production",
-            "CAMELEER_SERVER_SECURITY_OIDCISSUERURI=" + props.oidcIssuerUri(),
-            "CAMELEER_SERVER_SECURITY_OIDCJWKSETURI=" + props.oidcJwkSetUri(),
-            "CAMELEER_SERVER_SECURITY_OIDCAUDIENCE=https://api.cameleer.local",
+            "CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI=" + props.oidcIssuerUri(),
+            "CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI=" + props.oidcJwkSetUri(),
+            "CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE=https://api.cameleer.local",
             "CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS=" + props.corsOrigins(),
             "CAMELEER_SERVER_LICENSE_TOKEN=" + req.licenseToken(),
             "CAMELEER_SERVER_RUNTIME_ENABLED=true",
@@ -215,7 +215,7 @@ public class DockerTenantProvisioner implements TenantProvisioner {
         ));
         // If no CA bundle exists, fall back to TLS skip for OIDC (self-signed dev)
         if (!java.nio.file.Files.exists(java.nio.file.Path.of("/certs/ca.pem"))) {
-            env.add("CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY=true");
+            env.add("CAMELEER_SERVER_SECURITY_OIDC_TLSSKIPVERIFY=true");
         }
 
         // Primary network = tenant-isolated network