Remove all CPU limits cluster-wide to eliminate CFS throttling

CPU limits cause CFS throttling even when nodes have idle capacity.
Move to a request-only CPU model: keep CPU requests for scheduling
fairness but remove all CPU limits. Memory limits stay (incompressible).

Changes across 108 files:
- Kyverno LimitRange policy: remove cpu from default/max in all 6 tiers
- Kyverno ResourceQuota policy: remove limits.cpu from all 5 tiers
- Custom ResourceQuotas: remove limits.cpu from 8 namespace quotas
- Custom LimitRanges: remove cpu from default/max (nextcloud, onlyoffice)
- RBAC module: remove cpu_limits variable and quota reference
- Freedify factory: remove cpu_limit variable and limits reference
- 86 deployment files: remove cpu from all limits blocks
- 6 Helm values files: remove cpu under limits sections

stacks/freedify/factory/main.tf

@@ -9,13 +9,13 @@ variable "protected" {
   default = false
 }
 variable "listenbrainz_token" {
-  type    = string
-  default = null
+  type      = string
+  default   = null
   sensitive = true
 }
 variable "genius_token" {
-  type    = string
-  default = null
+  type      = string
+  default   = null
   sensitive = true
 }
 variable "dab_visitor_id" {
@@ -27,14 +27,10 @@ variable "dab_session" {
   default = null
 }
 variable "gemini_api_key" {
-  type    = string
-  default = null
+  type      = string
+  default   = null
   sensitive = true
 }
-variable "cpu_limit" {
-  type    = string
-  default = "250m"
-}
 variable "memory_limit" {
   type    = string
   default = "256Mi"
@@ -112,7 +108,6 @@ resource "kubernetes_deployment" "freedify" {
           }
           resources {
             limits = {
-              cpu    = var.cpu_limit
               memory = var.memory_limit
             }
             requests = {

stacks/freedify/main.tf

@@ -1,9 +1,9 @@
 variable "tls_secret_name" {
-  type = string
+  type      = string
   sensitive = true
 }
 variable "freedify_credentials" {
-  type = map(any)
+  type      = map(any)
   sensitive = true
 }