FIX(authelia): move affinity to top level

- Move affinity from pod.affinity to top-level affinity
- Fix Helm chart schema validation error
- Maintain soft anti-affinity configuration

FIX(security): remove unsupported affinity from authelia

- Remove affinity from authelia (chart schema limitation)
- Fix external-secrets duplicate webhook/certController sections
- Merge affinity into respective component sections
- Authelia chart does not support affinity in values.yaml

authelia/helm-values.yaml

@@ -169,14 +169,8 @@ secret:
 
 # No persistence needed - using PostgreSQL
 
-# Affinity - Soft Anti-Affinity to spread pods across nodes
-pod:
-  affinity:
-    podAntiAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-        - weight: 100
-          podAffinityTerm:
-            labelSelector:
-              matchLabels:
-                app.kubernetes.io/name: authelia
-            topologyKey: kubernetes.io/hostname
+# Note: Authelia Helm chart does not support affinity configuration
+# in values.yaml due to strict schema validation (beta chart).
+# Replica count is set to 2 for HA, but soft anti-affinity cannot
+# be configured via Helm values. Consider using post-render hooks
+# or manual patching if node distribution is critical.