[update] Save and restore customContainerImages around targetVersion patch

[rebtoor]

Starting with openstack-operator FR4
(openstack-k8s-operators/openstack-operator#1569, merged Oct 2025),
the OpenStackVersion admission webhook rejects targetVersion
changes when spec.customContainerImages are identical to those
tracked for the previously deployed version.

In CI the same delorean hash is used for both the greenfield
deployment and the simulated version bump, so customContainerImages
are legitimately identical. Simply clearing them is not safe
because the operator falls back to CSV defaults which may point to
an inaccessible upstream registry (quay.io), while the custom
images point to the internal mirror (images.paas.redhat.com).

Work around this by saving customContainerImages, nulling them
in the same merge patch that sets targetVersion (so the webhook's
hasAnyCustomImage check returns false and skips validation), then
immediately restoring them before the operator reconciles. This
preserves the correct internal-mirror image references while
bypassing the webhook.

Assisted-by: Cursor (claude-4.6-opus-high)

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rebtoor
Once this PR has been reviewed and has the lgtm label, please assign fmount for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[karelyatin]

@rebtoor but we shouldn't go different process then what we document, we don't allow update without customcontainer images for reasons openstack-k8s-operators/openstack-operator#1569 , so i think we should avoid any hack in CI too