[vaultwarden] Chart Update

[mvprowess]

Version path: 1.30.5 → 1.31.0 → 1.32.0 → 1.33.0 → 1.34.0 → 1.35.4

• 1.31.0 — port 3012 removed (WebSocket now on main HTTP port); EU push endpoint changed
• 1.32.0 — CVE-2024-39924/25/26 fixed; port 3012 removed from Dockerfile
• 1.33.0 — Manager → Custom role migration; 3 GHSA security advisories
• 1.34.0 — email-verified registration flow; feature flags (mutual TLS, attachment export, AnonAddy)
• 1.35.0 — OIDC/SSO support added (first major new feature for K8s auth integration); immutable releases
• 1.35.4 — two additional GHSA security advisories fixed

Changes required (chronological):

• 1.31.0 (template change) — Remove port 3012 from Service template
• 1.31.0 (template change) — Remove port 3012 from Ingress template rules
• 1.31.0 — Remove port 3012 from NetworkPolicy if present
• 1.31.0 — Remove WEBSOCKET_ENABLED from values schema (setting is now a no-op)
• 1.31.0 — Update EU push endpoint documentation: push.bitwarden.eu → api.bitwarden.eu
• 1.33.0 — Add note to README/NOTES.txt: Manager-role org members are automatically converted to Custom role on upgrade; Admins/Owners should verify collection permissions afterward
• 1.35.0 — Add full OIDC/SSO section to values: SSO_ENABLED, SSO_ONLY, SSO_AUTHORITY, SSO_CLIENT_ID, SSO_CLIENT_SECRET (Secret ref pattern), SSO_SCOPES, SSO_PKCE, SSO_SIGNUPS_MATCH_EMAIL, SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION, SSO_ROLES_ENABLED, SSO_ROLES_DEFAULT_TO_USER, SSO_ROLES_TOKEN_PATH
• 1.35.0 — Document OIDC redirect URI in README: https://<DOMAIN>/identity/connect/oidc-signin
• Bump appVersion and image tag to 1.35.4-alpine
• Bump chart version to 1.0.0