feat(framework): P1+P2 — public sanitization + blocking CI gate (#572)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

packages/mosaic/framework/tools/authentik/README.md

@@ -5,7 +5,7 @@ Manage Authentik identity provider (SSO, users, groups, applications, flows) via
 ## Prerequisites
 
 - `jq` installed
-- Authentik credentials in `~/src/jarvis-brain/credentials.json` (or `$MOSAIC_CREDENTIALS_FILE`)
+- Authentik credentials in `~/.config/mosaic/credentials.json` (or `$MOSAIC_CREDENTIALS_FILE`)
 - Required fields: `authentik.url`, `authentik.username`, `authentik.password`
 
 ## Authentication
@@ -47,7 +47,7 @@ All scripts support:
 ~/.config/mosaic/tools/authentik/user-list.sh
 
 # Search for a user
-~/.config/mosaic/tools/authentik/user-list.sh -s "jason"
+~/.config/mosaic/tools/authentik/user-list.sh -s "alice"
 
 # Create a user in the admins group
 ~/.config/mosaic/tools/authentik/user-create.sh -u newuser -n "New User" -e new@example.com -g admins