feat: Allow arbitrary podSpec in migration-job and crd-install jobs for operator chart

[localleon]

Closes #1287

This extends the Redpanda Operator Helm chart to allow configurable security contexts and other pod spec settings for pre-install CRD job and post-upgrade migration job hooks via new top-level values fields.

Values Configuration

1. Customize the CRD pre-install hook Job's pod spec (securityContext, tolerations, nodeSelector, etc.)
2. Customize the post-upgrade migration hook Job's pod spec

Implementation Details

• Added CRDs.PodTemplate and MigrationJob.PodTemplate structs to values.go
• Updated pre_install_crd_job.go and post_upgrade_migration_job.go to apply [StrategicMergePatch] when overrides are provided
• Merged via StrategicMergePatch semantics on top of chart-managed defaults
• Only the spec field is merged (not metadata) to avoid nil pointer issues when users provide spec-only overrides

crds:
  enabled: true
  podTemplate:
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
      containers:
        - name: crd-installation
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true

migrationJob:
  podTemplate:
    spec:
      securityContext:
        runAsNonRoot: true
      tolerations:
        - key: workload
          operator: Equal
          value: batch
          effect: NoSchedule

I've regenerated the charts using the taskfile and performed manual validation (helm template), if the rednering is successfull with both jobs!

[CLAassistant]

All committers have signed the CLA.

[github-actions]

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[localleon]

Dear all, would you be so kind and review the PR?

Thanks in advance!

[github-actions]

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[localleon]

Still there :-)

[github-actions]

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[localleon]

@andrewstucki @ivotron @RafalKorepta @hidalgopl @david-yu would anyone of you please be so kind and take a look at the PR?

Thanks in advance!

[github-actions]

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[localleon]

Still here ;-)

[andrewstucki]

Hi @localleon -- been quite busy with a number of other things so haven't had too much time to look at this. At minimum one of us will have to close and re-open this as a local-to-this-repo branch as that's the only way CI will run. That said, I'm generally fine with this idea since we have the ability to merge in arbitrary pod spec to actual brokers today, so why not the migration/CRD jobs? But just need to discuss internally whether this is something we want to support. Thanks for the contribution and we'll get back about it soon!

[localleon]

Thanks for the response @andrewstucki! If theres anything to do, let me know!

[github-actions]

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.