
Draft: Validate Helm template in AdmissionWebhook

What

Validates the Helm template in the AdmissionWebhook, meaning any template errors will be communicated during kubectl apply -f <GitLab CR manifest>.yaml.

Example:

 kubectl apply -f mygitlab.yaml -n gitlab-system
Error from server (helm template failed: execution error at (gitlab/charts/gitlab/charts/webservice/templates/service.yaml:2:4): FATAL: Webservice: no deployment with ingress.path '/' or '/*' specified.): error when creating "mygitlab.yaml": admission webhook "vgitlab.kb.io" denied the request: helm template failed: execution error at (gitlab/charts/gitlab/charts/webservice/templates/service.yaml:2:4): FATAL: Webservice: no deployment with ingress.path '/' or '/*' specified.

Why

To receive feedback as soon as possible. Rather than waiting to see the error(s) in the Reconcile loop from the Controller logs, the user will be told immediately upon kubectl apply-ing the resource if there are any problems.

This aligns with common practices in Kubernetes already. For example, if you try to apply a Service that modifies the selectors, you will receive an error about field immutability.

How

  • By moving some Helm helper functions into the helm package (so they can be imported into the api package without a circular dependency error)
  • By rendering the Helm template during the AdmissionWebhook

Testing

See #321 (comment 807574018).

TL;DR: the Helm template sometimes takes more than 30 seconds to render, which exceeds the maximum possible timeout of the AdmissionWebhook.

Closes #321 (closed)

Edited by Mitchell Nielsen
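
An added example (not code from this merge request or the operator): one way to keep the render step inside the webhook timeout described under Testing, so the handler returns its own decision instead of leaving the outcome to the API server's `failurePolicy`. `Decision`, `ValidateWithBudget` and the `render` callback are hypothetical names; `render` stands in for the Helm rendering call.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Decision is what a webhook handler would translate into its admission response.
type Decision struct {
	Allowed  bool
	TimedOut bool
	Message  string
}

// ValidateWithBudget runs render (hypothetical stand-in for the chart render)
// and stops waiting after budget. Pick a budget shorter than the webhook's
// timeoutSeconds so the handler can still answer the API server itself.
func ValidateWithBudget(budget time.Duration, allowOnTimeout bool, render func(context.Context) error) Decision {
	ctx, cancel := context.WithTimeout(context.Background(), budget)
	defer cancel()

	done := make(chan error, 1) // buffered so a late render does not block forever
	go func() { done <- render(ctx) }()

	var err error
	select {
	case err = <-done:
	case <-ctx.Done():
		err = ctx.Err()
	}
	switch {
	case err == nil:
		return Decision{Allowed: true}
	case errors.Is(err, context.DeadlineExceeded):
		// Explicit policy choice: reject (fail closed) or admit and let Reconcile report.
		return Decision{Allowed: allowOnTimeout, TimedOut: true,
			Message: fmt.Sprintf("helm template not rendered within %s", budget)}
	default:
		return Decision{Message: "helm template failed: " + err.Error()}
	}
}

func main() {
	// Constructed inputs: one render that errors, one that never finishes in time.
	bad := func(context.Context) error { return errors.New("constructed render error") }
	slow := func(ctx context.Context) error { <-ctx.Done(); return ctx.Err() }
	fmt.Println(ValidateWithBudget(time.Second, false, bad))
	fmt.Println(ValidateWithBudget(50*time.Millisecond, false, slow))
}
```

With `allowOnTimeout` set to false a slow render rejects the resource with a clear message; with true the resource is admitted and any template error surfaces later in the Reconcile loop.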
