extract kube-job scripts from management and workload cluster values

What does this MR do and why?

It finishes the refactoring initiated in !4676 (merged) and tracked in #2565 (closed):

• Extract scripts from management-cluster and workload-cluster values
• Add a helper to inject environment variables into a kube-job
• Add a helper to change the image of a kube-job

Example of a kube-job unit with multiple patches, we're left with what must be changed, with no patch boilerplate.

_patches:
  - '{{ include "kube-job-replace-image-patch" .Values._internal.oci_tools_image }}'
  - '{{ include "kube-job-add-env-var-patch" (dict
        "https_proxy" .Values.proxies.https_proxy
        "no_proxy" (include "sylva-units.no_proxy" (tuple .))
        "oci_registry_insecure" .Values.oci_registry_insecure
        "SKIP_IMAGE_VERIFICATION" .Values.security.os_images.skip_signing_check
    )}}'
  - '{{ include "kube-job-replace-script-patch" (.Files.Get "scripts/create-os-images-info.sh") }}'
  - '{{ include "kube-job-add-files-to-configmap-patch" (dict "images.yaml" (include "generate-os-images" .)) }}'

instead of

_patches:
  - target:
      kind: Job
    patch: |
      - op: replace
        path: /spec/template/spec/containers/0/image
        value: {{ .Values._internal.oci_tools_image }}
      - op: add
        path: /spec/template/spec/containers/0/env
        value:
       - name: https_proxy
         value: '{{ .Values.proxies.https_proxy }}'
       - name: no_proxy
         value: '{{ include "sylva-units.no_proxy" (tuple .) }}'
       - name: oci_registry_insecure
         value: '{{ .Values.oci_registry_insecure }}'
       - name: SKIP_IMAGE_VERIFICATION
         value: '{{ .Values.security.os_images.skip_signing_check }}'
 - '{{ include "kube-job-replace-script-patch" (.Files.Get "scripts/create-os-images-info.sh") }}'
 - '{{ include "kube-job-add-files-to-configmap-patch" (dict "images.yaml" (include "generate-os-images" .)) }}'

CI configuration

Below you can choose test deployment variants to run in this MR's CI.

Click to open to CI configuration

Legend:

Icon	Meaning	Available values
☁️	Infra Provider	capd, capo, capm3
🚀	Bootstrap Provider	kubeadm (alias kadm), rke2
🐧	Node OS	ubuntu, suse
🛠️	Deployment Options	light-deploy, dev-sources, ha, misc, maxsurge-0, logging, no-logging
🎬	Pipeline Scenarios	Available scenario list and description

• 🎬 preview ☁️ capd 🚀 kadm 🐧 ubuntu

• 🎬 preview ☁️ capo 🚀 rke2 🐧 suse

• 🎬 preview ☁️ capm3 🚀 rke2 🐧 ubuntu

• ☁️ capd 🚀 kadm 🛠️ light-deploy 🐧 ubuntu

• ☁️ capd 🚀 rke2 🛠️ light-deploy 🐧 suse

• ☁️ capo 🚀 rke2 🐧 suse

• ☁️ capo 🚀 kadm 🐧 ubuntu

• ☁️ capo 🚀 rke2 🎬 rolling-update 🛠️ ha 🐧 ubuntu

• ☁️ capo 🚀 kadm 🎬 wkld-k8s-upgrade 🐧 ubuntu

• ☁️ capo 🚀 rke2 🎬 rolling-update-no-wkld 🛠️ ha 🐧 suse

• ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.4.x 🛠️ ha 🐧 ubuntu

• ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.4.x 🛠️ ha,misc 🐧 ubuntu

• ☁️ capo 🚀 rke2 🛠️ ha,misc 🐧 ubuntu

• ☁️ capm3 🚀 rke2 🐧 suse

• ☁️ capm3 🚀 kadm 🐧 ubuntu

• ☁️ capm3 🚀 kadm 🎬 rolling-update-no-wkld 🛠️ ha,misc 🐧 ubuntu

• ☁️ capm3 🚀 rke2 🎬 wkld-k8s-upgrade 🛠️ ha 🐧 suse

• ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 ubuntu

• ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.4.x 🛠️ ha 🐧 suse

• ☁️ capm3 🚀 rke2 🛠️ misc,ha 🐧 suse

• ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.4.x 🛠️ ha,misc 🐧 suse

• ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 suse

• ☁️ capm3 🚀 ck8s 🎬 no-wkld 🛠️ light-deploy 🐧 ubuntu

Global config for deployment pipelines

• autorun pipelines
• allow failure on pipelines
• record sylvactl events

Notes:

• Enabling autorun will make deployment pipelines to be run automatically without human interaction
• Disabling allow failure will make deployment pipelines mandatory for pipeline success.
• if both autorun and allow failure are disabled, deployment pipelines will need manual triggering but will be blocking the pipeline

Be aware: after configuration change, pipeline is not triggered automatically. Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.