Fix miniflux secret to use CNPG-generated password

The miniflux user password is auto-generated by CloudNativePG and stored
in blumeops-pg-app secret. Updated README and secret template to document
the correct setup process.

argocd/manifests/miniflux/README.md

@@ -14,7 +14,10 @@ RSS/Atom feed reader deployed via ArgoCD.
 
 ```bash
 kubectl create namespace miniflux
-op inject -i argocd/manifests/miniflux/secret-db.yaml.tpl | kubectl apply -f -
+
+# The miniflux user password is auto-generated by CNPG in blumeops-pg-app secret
+kubectl create secret generic miniflux-db -n miniflux \
+  --from-literal=url="$(kubectl -n databases get secret blumeops-pg-app -o jsonpath='{.data.uri}' | base64 -d)"
 ```
 
 2. Apply the ArgoCD application:

argocd/manifests/miniflux/secret-db.yaml.tpl

@@ -1,9 +1,13 @@
-# Apply with: op inject -i argocd/manifests/miniflux/secret-db.yaml.tpl | kubectl apply -f -
+# Miniflux database connection secret
-apiVersion: v1
+#
-kind: Secret
+# The miniflux user password is auto-generated by CloudNativePG and stored in
-metadata:
+# blumeops-pg-app secret in the databases namespace. To create this secret:
-  name: miniflux-db
+#
-  namespace: miniflux
+# 1. Get the URI from CNPG secret:
-type: Opaque
+#    kubectl -n databases get secret blumeops-pg-app -o jsonpath='{.data.uri}' | base64 -d
-stringData:
+#
-  url: postgres://miniflux:{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/ns6wylqiuqgczpo7gq2akaxbti/password }}@blumeops-pg-rw.databases.svc.cluster.local:5432/miniflux?sslmode=disable
+# 2. Create the secret (one-liner):
+#    kubectl create secret generic miniflux-db -n miniflux \
+#      --from-literal=url="$(kubectl -n databases get secret blumeops-pg-app -o jsonpath='{.data.uri}' | base64 -d)"
+#
+# Note: Uses internal k8s DNS hostname (blumeops-pg-rw.databases) not Tailscale