fix DB password rotation desync in 5 stacks

Vault DB engine rotates passwords weekly but 5 stacks baked passwords
at Terraform plan time, causing stale credentials until next apply.

- real-estate-crawler: add vault-database ESO, use secret_key_ref in 3 deployments
- nextcloud: switch Helm chart to existingSecret for DB password
- grafana: add vault-database ESO, use envFromSecrets in Helm values
- woodpecker: use extraSecretNamesForEnvFrom, remove plan-time data source chain
- affine: add vault-database ESO, use secret_key_ref in deployment + init container

stacks/nextcloud/chart_values.yaml

@@ -61,8 +61,10 @@ externalDatabase:
   type: mysql
   host: ${mysql_host}
   user: nextcloud
-  password: ${db_password}
   database: nextcloud
+  existingSecret:
+    secretName: nextcloud-db-creds
+    passwordKey: DB_PASSWORD
 
 persistence:
   enabled: true