Use nested Redis auth secrets when password key is absent

What does this MR do?

MR fixes a bug where configuring a separate auth secret for a nested Redis class (e.g. global.redis.cache.auth.secret) was silently ignored, causing the global Redis secret to be used instead.

Root cause: gitlab.redis.selectedMergedConfig sets redisMergedConfig to a direct reference (not a copy) of the named Redis sub-config map. When the sub-config had no password key, it would fall back to global.redis.auth — but because redisMergedConfig is a reference, this mutated global.redis.cache in-place, adding password = global.redis.auth. By the time gitlab.redis.configMerge ran to resolve which secret to mount, it found cache.password already set to the global auth secret and used that.

Fix: Both selectedMergedConfig and configMerge now check for a nested auth key on the sub-config (e.g. global.redis.cache.auth) before falling back to the global global.redis.auth. This matches the pattern users naturally follow, since the global config uses global.redis.auth.

Related issues

Closes #5167 (closed)

Author checklist

For general guidance, please follow our Contributing guide.

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

• Merge Request Title and Description are up to date, accurate, and descriptive.
• MR targeting the appropriate branch.
• MR has a green pipeline.
• Documentation created/updated.
• Tests added/updated, and test plan for scenarios not covered by automated tests.
• Equivalent MR/issue for omnibus-gitlab opened.

Reviewers checklist

• MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
• Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab chart.