fix(k8s): stabilize keycloak rollout and align CD deploy manifests

Update Keycloak probe/realm import behavior and authority config so auth services start reliably on the dev cluster, while keeping CD deployment steps aligned with the actual Kubernetes overlay behavior.

backend/WorkClub.Infrastructure/Seed/SeedDataService.cs

@@ -62,6 +62,22 @@ public class SeedDataService
         ");
 
         // Create admin bypass policies (idempotent)
+        await context.Database.ExecuteSqlRawAsync(@"
+            DO $$
+            BEGIN
+              IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
+                CREATE ROLE app_admin;
+              END IF;
+            END
+            $$;
+            GRANT app_admin TO app;
+            GRANT USAGE ON SCHEMA public TO app_admin;
+            GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
+            GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin;
+            ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON TABLES TO app_admin;
+            ALTER DEFAULT PRIVILEGES FOR ROLE app IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;
+        ");
+
         await context.Database.ExecuteSqlRawAsync(@"
             DO $$ BEGIN
             IF NOT EXISTS (SELECT 1 FROM pg_policies WHERE tablename='clubs' AND policyname='bypass_rls_policy') THEN