SSO-specific nextcloud settings

@xeruf proposed these additional nextcloud settings, that make sense in our single-sign-on environment:

configs:
  sso.config.php: |-
    <?php
    $CONFIG = array (
      'allow_user_to_change_display_name' => false,
      'lost_password_link' => 'https://sso.${domain}/login/recovery',
    );