feat(newrelic-pixie): support global.images registry, pullSecrets, and pullPolicy

[dpacheconr]

Summary

Add support for cascading registry, pullSecrets, and pullPolicy from global settings to newrelic-pixie.

Phase 1: Global.Images.Registry Support ✅

• Updated values.yaml to keep default image repositories with clarifying comments
• Added helpers to _helpers.tpl to check global.images.registry fallback
• Updated job.yaml to use new image helpers
• Both clusterRegistrationWaitImage and main image now support global registry

Phase 2: Global.Images.PullSecrets Support ✅

• Added newrelic-pixie.imagePullSecrets helper in _helpers.tpl
• Added newrelic-pixie.clusterWaitImagePullSecrets helper (for future use)
• Updated job.yaml to use imagePullSecrets helper combining global and chart-level

Phase 3: Global.Images.PullPolicy Support ✅ (NEW)

• Added newrelic-pixie.clusterWaitImagePullPolicy helper in _helpers.tpl
• Added newrelic-pixie.imagePullPolicy helper in _helpers.tpl
• Updated job.yaml to use pullPolicy helpers for both init container and main container
• Configuration respects hierarchy: global setting → chart-level setting → default (IfNotPresent)

Configuration Hierarchy

For Image Registry:

1. global.images.registry (if set AND repository matches default)
2. Explicit repository configuration (takes precedence)

For ImagePullSecrets:

1. global.images.pullSecrets (highest priority)
2. image.pullSecrets (chart level)
   Both sources are concatenated to support flexible secret management.

For ImagePullPolicy:

1. global.images.pullPolicy (highest priority)
2. Chart-level image.pullPolicy
3. Default: IfNotPresent

Implementation Details

• If global.images.registry is set AND repository matches default, uses global registry
• If repository is explicitly set to custom value, that takes precedence
• If global registry is not set, defaults to original paths
• PullPolicy hierarchy ensures global settings cascade down when no explicit chart configuration is provided
• The helper uses toYaml for consistent formatting with existing patterns

Test Plan

Phase 1 (Registry):

• ✓ Global registry is used when set and repository is default
• ✓ Defaults to standard image paths when global registry not configured
• ✓ Explicit repository configuration overrides global registry

Phase 2 (PullSecrets):

• ✓ No pullSecrets set → No imagePullSecrets section rendered
• ✓ Global pullSecrets only → Uses global
• ✓ Both global + chart pullSecrets → Uses both (global items first)

Phase 3 (PullPolicy):

• ✓ Global pullPolicy is used when set and no chart-level policy exists
• ✓ Defaults to IfNotPresent when neither global nor chart policy is set
• ✓ Explicit chart-level pullPolicy overrides global setting

Impact

Once merged, users can now configure newrelic-pixie with comprehensive global image settings:

```yaml
global:
images:
registry: "my.private.registry.com"
pullSecrets:
- name: my-registry-credentials
pullPolicy: Always
```