Publish minimal default catalog for customer Backstage instances

[marians]

Part of

• https://github.com/giantswarm/giantswarm/issues/29552

One important building block for Backstage provided to customers is the catalog. The goal of this issue is to provide a common base catalog that can be published to all customers.

Roughly, the catalog should contain

• All apps we publish
• Additional open source software components by Giant Swarm that may be relevant to customers
• Team information
• Team member (user) information

We must decide whether the catalog data can be publicly accessible. If yes, this could help keep configuration simple. However, if required, the catalog should be pulled from a non-public place, using authentication.

The catalog data could also be modular and provided either publicly or privately, based on the sensitivity of the content.

### Tasks
- [x] Enhance backstage-catalog-importer to export customer catalogs
- [x] Decide how to publish and inject users into catalogs
- [x] Create automation for publishing the catalogs

[marians]

We have this PR in progress: https://github.com/giantswarm/backstage-catalog-importer/pull/155

Current todo

• [x] Prefix all team names with team- if not prefixed
• [x] Create public groups file (so that owner teams can be resolved)
• [x] Create public users file (so that Giant Swarm users can log in)
• [ ] Add component type from internal github repos data
• [ ] Add component lifecycle from internal github repos data
• [ ] Discussion: Can we have some systems for better context?
• [x] Add techdocs URL annotation
• [x] Set giantswarm as a namespace

Some details should be left to an entity processor. For example, the default branch name, or whether the repository has a README.md file, are details I would like to avoid adding via backstage-catalog-importer, and instead use a processor.

[marians]

Some aftermath

• All apps should have an owner team annotation
• All apps should have the "Home" URL pointing to our Github repository, not upstream (or at least have the URL somewhere)

These apps are missing the github repo URL:

• [x] azure-operator-chart (https://github.com/giantswarm/azure-operator is archived)
• [x] cilium (https://github.com/giantswarm/cilium-app/pull/188)
• [ ] cluster-api-control-plane
• [ ] crossplane
• [ ] dns-network-policy-operator
• [ ] event-exporter-app
• [ ] goldilocks
• [ ] harbor
• [ ] inlets-operator-app
• [ ] karpenter
• [ ] kiam-app
• [ ] linkerd-multicluster-link
• [ ] linkerd-viz
• [ ] prometheus-pushgateway
• [ ] rook-operator-app
• [ ] sloth
• [ ] teleport-kube-agent
• [ ] webhook-exporter

[marians]

@gusevda I just checked our internal users catalog https://github.com/giantswarm/github/blob/main/catalog/users.yaml and found that it indeed contains email adresses. Do you know whether they are required for authentication/authorization? Could access work without them?

[gusevda]

@marians for authorization we use usernameMatchingUserEntityName resolver, so the email should not be needed. I don't think there are other places where it can be required. Will check the authorization without emails in the catalog and get back to you.

[gusevda]

@marians I tested authorization without email and it worked

[marians]

Found more things to improve:

• apps should have kubernetes annotations so related resources can be found (if possible)

[marians]

Done