docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/pplg/oauth2-proxy-prometheus.cfg.j2

@@ -0,0 +1,62 @@
+# OAuth2-Proxy Configuration for Prometheus UI
+# Authenticates users via Casdoor OIDC before proxying to Prometheus
+# Red Panda Approved
+
+# Provider Configuration (Casdoor OIDC)
+provider = "oidc"
+provider_display_name = "Casdoor"
+oidc_issuer_url = "{{prometheus_oauth2_oidc_issuer_url}}"
+client_id = "{{prometheus_oauth2_client_id}}"
+client_secret = "{{prometheus_oauth2_client_secret}}"
+
+# Redirect URL after authentication
+redirect_url = "https://prometheus.{{pplg_haproxy_domain}}/oauth2/callback"
+
+# Upstream service (Prometheus)
+upstreams = [
+    "http://127.0.0.1:9090"
+]
+
+# Session/Cookie Configuration
+cookie_secret = "{{prometheus_oauth2_cookie_secret}}"
+cookie_name = "_oauth2_proxy_prometheus"
+cookie_secure = true
+cookie_httponly = true
+cookie_expire = "168h"
+cookie_refresh = "1h"
+cookie_domains = ".{{pplg_haproxy_domain}}"
+session_store_type = "cookie"
+
+# Authentication settings
+email_domains = ["*"]
+oidc_email_claim = "email"
+oidc_groups_claim = "groups"
+insecure_oidc_allow_unverified_email = true
+
+# Request settings
+pass_access_token = false
+pass_authorization_header = false
+set_authorization_header = false
+set_xauthrequest = true
+
+# Logging
+request_logging = true
+auth_logging = true
+standard_logging = true
+
+# Network settings
+http_address = "0.0.0.0:{{prometheus_proxy_port}}"
+reverse_proxy = true
+real_client_ip_header = "X-Forwarded-For"
+
+# Skip authentication for health check endpoints
+skip_auth_routes = [
+    "^/ping$"
+]
+
+# OIDC specific settings
+skip_provider_button = true
+oidc_extra_audiences = []
+
+# SSL verification
+ssl_insecure_skip_verify = false