FIX(headlamp): configure OIDC authentication

- Remove groups scope (Authelia does not provide groups claim)
- Set proper baseURL for OIDC redirect
- Revert baseURL to empty string (must be empty or start with '/')

headlamp/manifests/external-secret.yaml

@@ -17,7 +17,7 @@ spec:
         OIDC_CLIENT_ID: headlamp
         OIDC_CLIENT_SECRET: "{{ .clientSecret }}"
         OIDC_ISSUER_URL: https://auth0213.kro.kr
-        OIDC_SCOPES: "openid profile email groups"
+        OIDC_SCOPES: "openid profile email"
         OIDC_VALIDATOR_CLIENT_ID: headlamp
         OIDC_VALIDATOR_ISSUER_URL: https://auth0213.kro.kr
   data: