add policy to fix RKE2 HelmChart for core components to avoid their uninstallation

Related issues: #1579 (closed), sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster#163 (closed)

The HelmChart controller embedded in RKE2 is known to sometimes possibly uninstall Helm releases (see #1579 (closed), sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster#163 (closed)). This of course can be detrimental if the Helm release is critical to the system.

This MR introduces a Kyverno policy to patch RKE2 HelmChart resources to give them a safe setting (spec.failurePolicy: abort instead of the default reinstall that does a delete/reinstall) for the following critical Helm releases:

  • metallb is covered as well - this isn't essential now that we've merged !3101 (merged), but I think that it might help during node rolling updates on upgrades from Sylva 1.1.1 (ensuring that no old node would uninstall the chart)
  • rke2-calico and rke2-calico-crd -- note that we have !3218 (merged) in flight, so this addition will soon become much less relevant, but having this will help progress !2959 (merged) in parallel, and may remain helpful for upgrades from 1.1.1 (same point as for metallb above)
  • rke2-coredns, which is a Helm release that can be considered critical
Edited by Thomas Morin
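
A Kyverno mutation of the kind described above could look like the following. This is an added illustration, not the policy shipped by this MR: the policy and rule names are hypothetical, and matching the four HelmChart resources by name only (with no namespace filter) is an assumption.

```yaml
# Added example, not the MR's own manifest.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: rke2-helmchart-failure-policy-abort   # hypothetical name
spec:
  rules:
    - name: set-failure-policy-abort          # hypothetical name
      match:
        any:
          - resources:
              kinds:
                # HelmChart CRD served by the helm-controller embedded in RKE2
                - helm.cattle.io/v1/HelmChart
              names:
                # Releases listed in the MR description
                - metallb
                - rke2-calico
                - rke2-calico-crd
                - rke2-coredns
      mutate:
        patchStrategicMerge:
          spec:
            # Replace the default "reinstall" (delete, then install again)
            # with "abort", so a failed operation leaves the release in place.
            failurePolicy: abort
```

A mutate rule written this way is applied at admission, so it takes effect when a matching HelmChart is created or updated. `kubectl get helmcharts.helm.cattle.io -A -o custom-columns=NAME:.metadata.name,FAILUREPOLICY:.spec.failurePolicy` shows which charts carry the setting.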
