Add iOS redirect URI and JWT secret to Helm chart

Add backend.oidc.iosRedirectUri (default: timetracker://oauth/callback) and
backend.jwt.secret to values.yaml and wire them into the backend deployment
as OIDC_IOS_REDIRECT_URI and JWT_SECRET env vars. Update NOTES.txt to surface
both values post-install.

timetracker-chart/templates/backend-deployment.yaml

@@ -56,8 +56,12 @@ spec:
               value: {{ .Values.backend.oidc.clientId | quote }}
             - name: OIDC_REDIRECT_URI
               value: {{ (index .Values.ingress.hosts 0).host | printf "https://%s/api/auth/callback" | quote }}
+            - name: OIDC_IOS_REDIRECT_URI
+              value: {{ .Values.backend.oidc.iosRedirectUri | quote }}
             - name: SESSION_SECRET
               value: {{ .Values.backend.session.secret | quote }}
+            - name: JWT_SECRET
+              value: {{ .Values.backend.jwt.secret | quote }}
             - name: APP_URL
               value: {{ (index .Values.ingress.hosts 0).host | printf "https://%s" | quote }}
           ports: