Feature Request - Allow to set securityContext for all pods generated with the helm install, including helm hooks
Problem to solve
With the gitlab helm chart it is not always possible to configure the securityContext for k8s containers.
Previously we used pod security policies (PSP) in k8s. Because PSP is deprecated in k8s 1.24 we migrated to pod security admissions. The consequence is that we now MUST set a proper securityContext for ALL containers.
With the current helm chart, this is not possible. We can use the helm post-renderer to patch most containers. Even though this is not ideal, this works.
However, the helm chart also has pre-upgrade/install and test webhooks. The containers generated via these helm hooks are not patchable via a post-renderer.
Proposal
Could the helm chart be updated so we can set the entire securityContext for containers? In e.g. https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/templates/upgrade_check_hook.yaml?ref_type=heads you can see that only a couple of fields under securityContext can be configured (and only on the pod level...). This is not sufficient.
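An added example, not part of the original issue or the chart: a check that lists which containers in rendered manifests, Helm hooks included, lack the container-level securityContext fields required by the `restricted` Pod Security Standard. It assumes the namespace enforces `restricted`, covers only a subset of that profile, and takes manifests already parsed into dicts; the resource names in the sample are constructed.

```python
def pod_spec(obj):
    """Return the pod spec of a Pod, a templated workload (Job, Deployment, ...) or a CronJob."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")

def container_gaps(pod_sc, sc):
    """Fields missing for the 'restricted' profile (assumed target; subset of its checks)."""
    gaps = []
    if sc.get("allowPrivilegeEscalation") is not False:
        gaps.append("allowPrivilegeEscalation")
    if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
        gaps.append("capabilities.drop")
    # These two may be set at pod level; a container-level value overrides it.
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        gaps.append("runAsNonRoot")
    seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
    if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
        gaps.append("seccompProfile")
    return gaps

def audit(manifests):
    """Return (kind/name, container, is_helm_hook, gaps) for every failing container."""
    findings = []
    for obj in manifests:
        spec = pod_spec(obj)
        if not spec:
            continue
        meta = obj.get("metadata") or {}
        is_hook = "helm.sh/hook" in (meta.get("annotations") or {})
        pod_sc = spec.get("securityContext") or {}
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            gaps = container_gaps(pod_sc, c.get("securityContext") or {})
            if gaps:
                findings.append((f"{obj['kind']}/{meta.get('name')}", c["name"], is_hook, gaps))
    return findings

# Constructed sample: a hook Job with only pod-level user/group set, and a compliant Deployment.
SAMPLE = [
    {"kind": "Job", "metadata": {"name": "example-upgrade-check", "annotations": {"helm.sh/hook": "pre-upgrade"}},
     "spec": {"template": {"spec": {"securityContext": {"runAsUser": 65534, "fsGroup": 65534}, "containers": [{"name": "check"}]}}}},
    {"kind": "Deployment", "metadata": {"name": "example-web"},
     "spec": {"template": {"spec": {"securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
      "containers": [{"name": "web", "securityContext": {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}]}}}},
]
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Findings with the hook flag set are the ones this issue is about: they have to be fixed through chart values or templates rather than by patching after rendering.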