fix: Remove tenant modification from enrollment flow blueprint

The enrollment flow blueprint was failing with error:
"Model authentik.tenants.models.Tenant not allowed"

This is because the tenant/brand model is restricted in Authentik's
blueprint system and cannot be modified via blueprints.

Changes:
- Removed the tenant model entry (lines 150-156)
- Added documentation comment explaining the restriction
- Enrollment flow now applies successfully
- Brand enrollment flow must be configured manually via API if needed

Note: The enrollment flow is still fully functional and accessible
via direct URL even without brand configuration:
https://auth.<domain>/if/flow/default-enrollment-flow/

Tested on: black client deployment
Blueprint status: successful (previously: error)

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

ansible/roles/authentik/files/enrollment-flow.yaml

@@ -147,9 +147,7 @@ entries:
       target: !KeyOf flow
     model: authentik_flows.flowstagebinding
 
-  # 10. SET AS DEFAULT ENROLLMENT FLOW IN BRAND
+  # Note: Brand enrollment flow configuration must be done via API
-  - attrs:
+  # The tenant model is restricted in blueprints
-      flow_enrollment: !KeyOf flow
+  # Use: PATCH /api/v3/core/tenants/{tenant_uuid}/
-    identifiers:
+  # Body: {"flow_enrollment": "<flow_uuid>"}
-      domain: authentik-default
-    model: authentik_tenants.tenant