fix(helm): address CodeRabbit review findings

NOTES.txt:
- Detect ingress scheme dynamically (http/https based on .Values.ingress.tls)
- Include first path in ingress URL output
- Use .Values.service.port in port-forward example instead of hardcoded 80
- Add -n {{ .Release.Namespace }} to all kubectl commands

postiz-config.yaml:
- Merge temporal enabled/external branches: external address now also emits
  TEMPORAL_NAMESPACE and TEMPORAL_TLS, not just TEMPORAL_ADDRESS

temporal-init-job.yaml:
- Use .Values.temporal.postgresql.seeds as PGHOST source (with fallback to
  bitnami sub-chart service name) so init job and runtime use the same host
- Switch to quoted heredoc (<<-'SQL') + psql --set to pass credentials as
  psql variables, preventing shell expansion from breaking on special chars

temporal-secret.yaml:
- Add required validation: temporal.postgresql.password must be set explicitly
  when temporal.enabled=true

values.yaml:
- Remove hardcoded default passwords (postgresPassword, temporal.postgresql.password)
  replaced with empty strings to avoid predictable default credentials

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

charts/postiz/values.yaml

@@ -67,7 +67,7 @@ postgresql:
     # postgresPassword is used by the temporal init job to create the temporal user.
     # Set this explicitly; if left empty, Bitnami generates a random password
     # that the init job cannot retrieve.
-    postgresPassword: postgres-admin-password
+    postgresPassword: ""
   service:
     ports:
       postgresql: 5432
@@ -101,7 +101,7 @@ temporal:
     # Credentials for the temporal user created in the shared PostgreSQL instance.
     # The init job creates this user via the postgres superuser before Temporal starts.
     user: temporal
-    password: "temporal-password"
+    password: ""
     # seeds: PostgreSQL hostname. Defaults to the Bitnami postgresql sub-chart service.
     seeds: ""