Create keycloak database password file on deploy

Keycloak is setup to read /run/keys/db_password to obtain the database password

/run/ is a tmpfs, meaning on reboot it is lost. This leads to keycloak not starting backup until someone manually creates the required file. Impacting as any service which depends on keycloak, often through using it for oauth.

The password is found under the name keycloak postgres on the admin vaultwarden.

The likely solution is to use agenix, following our existing infra for deploying secrets.