[TASK] Refactor OpenShift values and remove post-rendering script

[aabouzaid]

Related to

Epic: https://github.com/camunda/distribution/issues/189

Overview

Starting in March 2024 (thanks @leiicamundi for mentioning this :raised_hands:), many Bitnami charts introduced a new flag adaptSecurityContext which works as a workaround to the Helm CLI bug where it's not possible to null sub-charts values (hence we couldn't remove some security config that auto-added by OpenShift and we needed to use rendering script).

Actions

• [x] Should ensure that all of our sub-chart dependencies support the new flag adaptSecurityContext (including the external chart we have in our repo).
• [x] Should update OpenShift values to use the new flag.
• [ ] Should update our docs and remove all parts related to the post-rendering script.
• [ ] Maybe add a new key in our chart like .global.openshift.restrictedSCC: true which enables those changes without any extra actions/values from the user.

### Sub-tasks
- [ ] https://github.com/camunda/camunda-platform-helm/pull/2188
- [ ] https://github.com/camunda/camunda-docs/pull/4129

[hamza-m-masood]

This change only exists in the alpha version currently. This was because the PostgreSQL charts needed to be updated for identity and webModeler.

The global flag .global.openshift.restrictedSCC: true could not be added because of the initContainer copy-camunda-theme passed into the identityKeycloak subchart through the values.yaml. It is not possible to easily modify the runAsUser value on the initContainer. So instead I decided to completely overwrite the identityKeycloak.initContainers array through the OpenShift values.yaml

I will create a PR for the docs repo very soon.

[hamza-m-masood]

docs PR: https://github.com/camunda/camunda-docs/pull/4129