Fix keystone WSGI script path in TLS override

The tls.yaml override for keystone references keystone-wsgi-public
as the WSGI script, but since 2025.1-ubuntu_noble the script was
renamed to wsgi.py. This causes Apache to fail with
"Target WSGI script not found" when TLS is enabled.

Fix tls.yaml directly to:
- Use the correct script path /var/www/cgi-bin/keystone/wsgi.py
- Reuse $portInt variable instead of duplicate endpoint_port_lookup
- Move ErrorLogFormat/ErrorLog before VirtualHost to match values.yaml

Change-Id: I40b2d20f1aace07c8f1754902c4fad256d844800
Signed-off-by: Kim soo <popododo0720@naver.com>

values_overrides/keystone/tls.yaml

@@ -36,12 +36,14 @@ conf:
     SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
     CustomLog /dev/stdout combined env=!forwarded
     CustomLog /dev/stdout proxy env=forwarded
+    ErrorLogFormat "%{cu}t %M"
+    ErrorLog /dev/stdout
 
-    <VirtualHost *:{{ tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+    <VirtualHost *:{{ $portInt }}>
       ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
       WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
       WSGIProcessGroup keystone-public
-      WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-public
+      WSGIScriptAlias / /var/www/cgi-bin/keystone/wsgi.py
       WSGIApplicationGroup %{GLOBAL}
       WSGIPassAuthorization On
       ErrorLogFormat "%{cu}t %M"