Login no longer hangs when LDAP is not configured

Fixed a regression where login could block for around 48 seconds on installs that did not have LDAP configured. The auth flow tried LDAP first and waited the full directory-server connect timeout when the server was unreachable — long enough that the web proxy gave up and the user saw a generic connection-reset error.

LDAP authentication now runs with explicit connect (2 s) and receive (3 s) timeouts, executes off the request loop so a worst-case timeout cannot block other traffic, and the shipped configuration ships with empty connection fields so fresh installs skip LDAP entirely until an operator populates them. End-to-end login latency on a non-LDAP install drops from ~48 seconds to under half a second.

No action required. Operators using LDAP can override the timeouts in config/sso.yaml.