Add configurable admin password via environment variable

- Add ORCHARD_ADMIN_PASSWORD env var to set initial admin password
- When set, admin user created without forced password change
- Add AWS Secrets Manager support for stage/prod deployments
- Add .env file support for local docker development
- Add Helm chart auth config (adminPassword, existingSecret, secretsManager)

Environments configured:
- Local: .env file or defaults to changeme123
- Feature/dev: orchardtest123 (hardcoded in values-dev.yaml)
- Stage: AWS Secrets Manager (orchard-stage-creds)
- Prod: AWS Secrets Manager (orch-prod-creds)

.gitlab-ci.yml

@@ -216,10 +216,14 @@ release:
 
       BASE_URL = os.environ.get("STAGE_URL", "")
       ADMIN_USER = "admin"
-      ADMIN_PASS = "changeme123"  # Default admin password
+      ADMIN_PASS = os.environ.get("STAGE_ADMIN_PASSWORD", "")  # From CI variables
       MAX_RETRIES = 3
       RETRY_DELAY = 5  # seconds
 
+      if not ADMIN_PASS:
+          print("ERROR: STAGE_ADMIN_PASSWORD environment variable not set")
+          sys.exit(1)
+
       if not BASE_URL:
           print("ERROR: STAGE_URL environment variable not set")
           sys.exit(1)
@@ -286,6 +290,7 @@ integration_test_stage:
   needs: [reset_stage_pre]
   variables:
     ORCHARD_TEST_URL: $STAGE_URL
+    ORCHARD_TEST_PASSWORD: $STAGE_ADMIN_PASSWORD  # Set in CI variables, matches AWS Secrets Manager
   rules:
     - if: '$CI_COMMIT_BRANCH == "main"'
       when: on_success
@@ -302,6 +307,7 @@ integration_test_feature:
   needs: [deploy_feature]
   variables:
     ORCHARD_TEST_URL: https://orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools
+    ORCHARD_TEST_PASSWORD: orchardtest123  # Matches values-dev.yaml orchard.auth.adminPassword
   rules:
     - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != "main"'
       when: on_success