Make Keycloak authentication optional for local development

When KEYCLOAK_URL is not set, the dashboard runs without auth,
treating all users as authenticated "Local User". Auth middleware
and check-auth endpoint gracefully skip when Keycloak is unconfigured.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compliance-dashboard/src/infrastructure/keycloak_config.rs

@@ -1,5 +1,3 @@
-use super::error::DashboardError;
-
 /// Keycloak OpenID Connect settings.
 #[derive(Debug)]
 pub struct KeycloakConfig {
@@ -11,13 +9,18 @@ pub struct KeycloakConfig {
 }
 
 impl KeycloakConfig {
-    pub fn from_env() -> Result<Self, DashboardError> {
-        Ok(Self {
-            url: required_env("KEYCLOAK_URL")?,
-            realm: required_env("KEYCLOAK_REALM")?,
-            client_id: required_env("KEYCLOAK_CLIENT_ID")?,
-            redirect_uri: required_env("REDIRECT_URI")?,
-            app_url: required_env("APP_URL")?,
+    pub fn from_env() -> Option<Self> {
+        let url = std::env::var("KEYCLOAK_URL").ok()?;
+        let realm = std::env::var("KEYCLOAK_REALM").ok()?;
+        let client_id = std::env::var("KEYCLOAK_CLIENT_ID").ok()?;
+        let redirect_uri = std::env::var("REDIRECT_URI").ok()?;
+        let app_url = std::env::var("APP_URL").ok()?;
+        Some(Self {
+            url,
+            realm,
+            client_id,
+            redirect_uri,
+            app_url,
         })
     }
 
@@ -50,7 +53,3 @@ impl KeycloakConfig {
     }
 }
 
-fn required_env(name: &str) -> Result<String, DashboardError> {
-    std::env::var(name)
-        .map_err(|_| DashboardError::Config(format!("{name} is required but not set")))
-}