vault: add pg-matrix + pg-technitium static roles to allowed_roles

Both static-roles existed in Vault state (created out-of-band) but
were missing from the postgresql connection's allowed_roles list. Vault
was logging 'is not an allowed role' rotation errors every 10s for both,
sustained CPU waste ~40-70m.

Adopted both via 'import {}' (import blocks removed after first apply
per the canonical adoption pattern).

- pg-matrix: username=matrix, rotation_period=86400 (1d)
- pg-technitium: username=technitium, rotation_period=604800 (7d)

Verified: 'is not an allowed role' errors stopped in vault-0 logs
immediately after apply.

stacks/vault/main.tf

@@ -617,6 +617,7 @@ resource "vault_database_secret_backend_connection" "postgresql" {
     "pg-wealthfolio-sync", "pg-fire-planner",
     "pg-postiz", "pg-instagram-poster",
     "pg-recruiter-responder",
+    "pg-matrix", "pg-technitium",
   ]
 
   postgresql {
@@ -813,6 +814,22 @@ resource "vault_database_secret_backend_static_role" "pg_recruiter_responder" {
   rotation_period = 604800
 }
 
+resource "vault_database_secret_backend_static_role" "pg_matrix" {
+  backend         = vault_mount.database.path
+  db_name         = vault_database_secret_backend_connection.postgresql.name
+  name            = "pg-matrix"
+  username        = "matrix"
+  rotation_period = 86400
+}
+
+resource "vault_database_secret_backend_static_role" "pg_technitium" {
+  backend         = vault_mount.database.path
+  db_name         = vault_database_secret_backend_connection.postgresql.name
+  name            = "pg-technitium"
+  username        = "technitium"
+  rotation_period = 604800
+}
+
 # =============================================================================
 # Kubernetes Secrets Engine — Dynamic K8s Credentials
 # =============================================================================