feat: Initial tenant Control Panel

Privacy-first settings dashboard for LetsBe Cloud tenants.
- Next.js 15 (App Router) with Keycloak SSO via NextAuth.js v5
- Tool status grid with health indicators
- Settings pages (email, domain, server info)
- Post-provisioning setup checklist
- Orchestrator API proxy for server management
- Docker deployment ready

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.env.example

@@ -0,0 +1,14 @@
+# Authentication
+NEXTAUTH_URL=https://panel.example.com
+NEXTAUTH_SECRET=generate-a-secret-here
+
+# Keycloak SSO
+KEYCLOAK_CLIENT_ID=control-panel
+KEYCLOAK_CLIENT_SECRET=your-client-secret
+KEYCLOAK_ISSUER=https://auth.example.com/realms/letsbe
+
+# Orchestrator API (same server)
+ORCHESTRATOR_URL=http://orchestrator:8100
+
+# Tenant domain (set during provisioning)
+TENANT_DOMAIN=example.com