observability-platform-api release v0.2.0

Added

  • Add Gateway API HTTPRoute resources for Loki, Mimir, and Tempo (read and write), replacing the previous NGINX ingress setup.
  • Add native JWT authentication via Envoy Gateway SecurityPolicy.jwt, supporting multiple OIDC providers (e.g. Dex, Azure AD). Configurable via auth.jwt.providers.
  • Add /loki/api/v1/rules to the Loki read routes.
  • Add GRPCRoute for Tempo gRPC traffic (port 9095), routing all tempopb.* services to tempo-query-frontend with JWT enforcement via SecurityPolicy.

Changed

  • Replace NGINX ingress-based auth (nginx.ingress.kubernetes.io/auth-url) with Envoy Gateway SecurityPolicy JWT validation — no external auth service (oauth2-proxy or Dex extAuth) required.
  • Change the response code for a missing X-Scope-OrgID header from 400 to 401 across all routes.
  • When auth.jwt.providers is empty and a service is enabled, routes are silently not rendered (no chart error). Previously the chart would fail with an error.
  • Fix Tempo gRPC route service regex from tempopb to tempopb\.[^/]+ to correctly match package-qualified service names (e.g. tempopb.StreamingQuerier).
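
Because an empty auth.jwt.providers now yields no routes instead of a chart error, a post-deploy check is useful. The following is an added example, not part of the chart: it audits the items of a `kubectl get httproute,grpcroute,securitypolicy -o json` dump and reports routes that no JWT-bearing SecurityPolicy covers. Resource names and the namespace are constructed, and route-level policies are assumed to take precedence over Gateway-level ones.

```python
import json

ROUTE_KINDS = {"HTTPRoute", "GRPCRoute"}

def policy_index(items):
    """Map each policy target (kind, ns, name) to True only if all its policies have a JWT provider."""
    index = {}
    for obj in items:
        if obj.get("kind") != "SecurityPolicy":
            continue
        spec = obj.get("spec", {})
        has_jwt = bool((spec.get("jwt") or {}).get("providers"))
        ns = obj["metadata"].get("namespace", "default")  # targets share the policy's namespace
        refs = list(spec.get("targetRefs") or [])
        if spec.get("targetRef"):  # older single-target form
            refs.append(spec["targetRef"])
        for ref in refs:
            key = (ref.get("kind"), ns, ref.get("name"))
            index[key] = index.get(key, True) and has_jwt
    return index

def audit(items):
    """Return (status, unprotected); status is 'no-routes', 'unprotected' or 'ok'."""
    index = policy_index(items)
    found, unprotected = 0, []
    for obj in items:
        if obj.get("kind") not in ROUTE_KINDS:
            continue
        found += 1
        ns = obj["metadata"].get("namespace", "default")
        key = (obj["kind"], ns, obj["metadata"]["name"])
        if key in index:  # assumption: a route-level policy overrides the Gateway's
            ok = index[key]
        else:  # otherwise inherit from a policy attached to a parent Gateway
            parents = obj.get("spec", {}).get("parentRefs", [])
            ok = any(index.get(("Gateway", p.get("namespace", ns), p.get("name"))) for p in parents)
        if not ok:
            unprotected.append("/".join(key))
    if found == 0:  # nothing rendered, e.g. auth.jwt.providers left empty
        return "no-routes", []
    return ("unprotected" if unprotected else "ok"), unprotected

# Constructed sample in the shape of `kubectl get ... -o json` items; all names are made up.
SAMPLE = json.loads("""[
 {"kind":"HTTPRoute","metadata":{"name":"loki-read","namespace":"obs"},"spec":{"parentRefs":[{"name":"gw"}]}},
 {"kind":"GRPCRoute","metadata":{"name":"tempo-grpc","namespace":"obs"},"spec":{"parentRefs":[{"name":"gw"}]}},
 {"kind":"SecurityPolicy","metadata":{"name":"loki-jwt","namespace":"obs"},
  "spec":{"targetRefs":[{"kind":"HTTPRoute","name":"loki-read"}],"jwt":{"providers":[{"name":"dex"}]}}}
]""")
print(audit(SAMPLE))
```

Treat a "no-routes" result as a failure in CI for any release where a service is enabled, since that is the state the chart no longer reports as an error.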

Removed

  • Remove dependency on oauth2-proxy for write route authentication.
  • Remove Envoy Gateway Backend CRD and extAuth configuration in favour of inline JWT validation.