CI: Bump build images to use Helm 3.9

What does this MR do?

Bump build images to use helm 3.9 instead of helm 3.7.

Related issues

• #5081 (closed)

Author checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

• Merge Request Title and Description are up to date, accurate, and descriptive
• MR targeting the appropriate branch
• MR has a green pipeline on GitLab.com
• When ready for review, follow the instructions in the "Reviewer Roulette" section of the Danger Bot MR comment, as per the Distribution experimental MR workflow

Expected (please provide an explanation if not completing)

• Test plan indicating conditions for success has been posted and passes
• Documentation created/updated
• Tests added/updated
• Integration tests added to GitLab QA
• Equivalent MR/issue for omnibus-gitlab opened
• Equivalent MR/issue for Gitlab Operator project opened (see Operator documentation on impact of Charts changes)
• Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.

Test plan

• Check helm changelog for changes between 3.7 and 3.9. Notable changes:

  • OCI registry support for charts is now generally available
  • Added more checks during the signing process

• Green pipeline (including triggering qa_*_manual_full_suite jobs). Pipeline at https://gitlab.com/gitlab-org/charts/gitlab/-/pipelines/1103535906. Failures in rspec ./qa/specs/features/browser_ui/5_package/package_registry/conan_repository_spec.rb:32 occur in master so are unlikely to be a result of this MR.

• Check installed version.

  helm version
  version.BuildInfo{Version:"v3.9.4", GitCommit:"dbc6d8e20fe1d58d50e6ed30f09a04a77e4c68db", GitTreeState:"clean", GoVersion:"go1.17.13"}
  

• Ensure gpg and gpg-agent is installed.

  gpg --version
  gpg (GnuPG) 2.4.3
  libgcrypt 1.10.2
  Copyright (C) 2023 g10 Code GmbH
  License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  
  Home: /root/.gnupg
  Supported algorithms:
  Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
  Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
          CAMELLIA128, CAMELLIA192, CAMELLIA256
  Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
  Compression: Uncompressed, ZIP, ZLIB, BZIP2
  gpg-agent --version
  gpg-agent (GnuPG) 2.4.3
  libgcrypt 1.10.2
  Copyright (C) 2023 g10 Code GmbH
  License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.

• Check build logs for helm-related errors and warning.

  From build logs for job https://gitlab.com/gitlab-org/charts/gitlab/-/jobs/5730599050:

  Getting updates for unmanaged Helm repositories...
  ...Successfully got an update from the "https://haproxytech.github.io/helm-charts" chart repository
  ...Successfully got an update from the "https://charts.jetstack.io/" chart repository
  ...Successfully got an update from the "https://helm.traefik.io/traefik" chart repository
  ...Successfully got an update from the "https://charts.gitlab.io/" chart repository
  ...Successfully got an update from the "https://charts.gitlab.io/" chart repository
  ...Successfully got an update from the "https://prometheus-community.github.io/helm-charts" chart repository
  ...Successfully got an update from the "https://charts.bitnami.com/bitnami" chart repository
  ...Successfully got an update from the "https://charts.bitnami.com/bitnami" chart repository
  Saving 14 charts
  Dependency gitlab did not declare a repository. Assuming it exists in the charts directory
  Dependency certmanager-issuer did not declare a repository. Assuming it exists in the charts directory
  Dependency minio did not declare a repository. Assuming it exists in the charts directory
  Dependency registry did not declare a repository. Assuming it exists in the charts directory
  Downloading cert-manager from repo https://charts.jetstack.io/
  Downloading prometheus from repo https://prometheus-community.github.io/helm-charts
  Downloading postgresql from repo https://charts.bitnami.com/bitnami
  Downloading gitlab-runner from repo https://charts.gitlab.io/
  Downloading redis from repo https://charts.bitnami.com/bitnami
  Dependency nginx-ingress did not declare a repository. Assuming it exists in the charts directory
  Dependency nginx-ingress did not declare a repository. Assuming it exists in the charts directory
  Downloading gitlab-zoekt from repo https://charts.gitlab.io/
  Downloading traefik from repo https://helm.traefik.io/traefik
  Downloading kubernetes-ingress from repo https://haproxytech.github.io/helm-charts
  Deleting outdated charts
  REVIEW_APPS_SENTRY_* detected, enabling Sentry
  WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /builds/gitlab.tmp/KUBECONFIG
  WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /builds/gitlab.tmp/KUBECONFIG
  Release "rvw-bump-helm-to-3-9" does not exist. Installing it now.
  NAME: rvw-bump-helm-to-3-9
  LAST DEPLOYED: Tue Dec 12 05:28:10 2023
  NAMESPACE: eks-helm-charts-win
  STATUS: deployed
  REVISION: 1
  NOTES:
  === CRITICAL
  The following charts are included for evaluation purposes only. They will not be supported by GitLab Support
  for production workloads. Use Cloud Native Hybrid deployments for production. For more information visit
  https://docs.gitlab.com/charts/installation/index.html#use-the-reference-architectures.
  - PostgreSQL
  - Redis
  - Gitaly
  - MinIO
  === NOTICE
  The minimum required version of PostgreSQL is now 13. See https://gitlab.com/gitlab- 
  org/charts/gitlab/-/blob/master/doc/installation/upgrade.md for more details.
  === NOTICE
  You've installed GitLab Runner without the ability to use 'docker in docker'.
  The GitLab Runner chart (gitlab/gitlab-runner) is deployed without the `privileged` flag by default for security purposes. This can be 
  changed by setting `gitlab-runner.runners.privileged` to `true`. Before doing so, please read the GitLab Runner chart's documentation 
  on why we
  chose not to enable this by default. See https://docs.gitlab.com/runner/install/kubernetes.html#running-docker-in-docker-containers- 
  with-gitlab-runners