Doc: Add how-to guides for Entra ID

[markylaing]

When Entra ID is configured as the OIDC provider for LXD, it works for the UI only. We can use Keycloak as a broker to support it for both the CLI and UI for now. This PR adds tutorials for both.

Note: To test this you will need

1. Access to an Entra ID tenant.
2. Access to a realm in Keycloak that is running HTTPS and accessible from LXD.

For the second point, I did this by running it in podman with self-signed certs using the following:

$ mkdir keycloak
$ openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384 -keyout keycloak/keycloak.key -nodes -out keycloak/keycloak.crt -days 1 -subj "/CN=127.0.0.1" -addext "subjectAltName=IP:127.0.0.1"
$ chmod 660 keycloak/keycloak.key # Needed so Keycloak can read the key file in the container
$ cat keycloak/keycloak.{crt,key} > keycloak/keycloak.pem
$ cp keycloak/keycloak.pem /etc/ssl/certs/ # Needed so LXD will trust Keycloaks certificate.
$ sudo systemctl restart snap.lxd.daemon # Not needed if OIDC was not previously used.
$ podman run -p 9443:8443 -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin -v /home/mark/keycloak/keycloak-keys:/tmp/keycloak-keys -e KC_HTTPS_CERTIFICATE_FILE=/tmp/keycloak-keys/keycloak.crt -e KC_HTTPS_CERTIFICATE_KEY_FILE=/tmp/keycloak-keys/keycloak.key quay.io/keycloak/keycloak:26.1.0 start-dev

[tomponline]

Have those pngs been minimised in size btw?

[markylaing]

Have those pngs been minimised in size btw?

They're just screenshots (a couple have been edited to blur sensitive info). How should I minimise?

[markylaing]

I've compressed them all now with optipng

[markylaing]

@minaelee Thanks for the speedy review! I've addressed all of your comments. I've also reworked that last section (the warning) to give an overview of the caveats and link to the Keycloak documentation. Could you please re-review? Thanks :)

[tomponline]

Thanks!

changes made