authentik: generous startup/liveness probes for first-boot migration

The server pod was getting killed by liveness probe at 60s while still
waiting on migration DB lock (worker pod also running migrations against
same DB). Add startupProbe with 10.5 min budget so liveness doesn't fire
until migrations finish.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

apps/authentik/authentik.yaml

@@ -286,22 +286,34 @@ spec:
               value: "false"
             - name: AUTHENTIK_LOG_LEVEL
               value: info
+          # First-boot Authentik can take 3+ min on the migration phase
+          # (waiting on DB lock while worker also runs migrations). Initial
+          # delays are generous so kubelet doesn't kill the pod mid-migration;
+          # periodSeconds keeps post-startup probing responsive.
           readinessProbe:
             httpGet:
               path: /-/health/ready/
               port: 9000
-            initialDelaySeconds: 30
+            initialDelaySeconds: 60
             periodSeconds: 10
             timeoutSeconds: 5
-            failureThreshold: 6
+            failureThreshold: 12
           livenessProbe:
             httpGet:
               path: /-/health/live/
               port: 9000
-            initialDelaySeconds: 60
+            initialDelaySeconds: 300
             periodSeconds: 30
             timeoutSeconds: 10
             failureThreshold: 3
+          startupProbe:
+            httpGet:
+              path: /-/health/live/
+              port: 9000
+            initialDelaySeconds: 30
+            periodSeconds: 15
+            timeoutSeconds: 10
+            failureThreshold: 40  # 30s + 40*15s = 10.5 min budget
           resources:
             requests: { cpu: 150m, memory: 512Mi }
             limits: { cpu: 1500m, memory: 1Gi }