cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable

[irbekrm]

See tailscale/tailscale#11675 for context - this PR attempts to make it easier to configure what images are used for the operator proxies and make it possible to configure image pull policies.

Adds a couple new fields to ProxyClass CRD to make it possilble to configure images/image pull policies for tailscale container and tailscale init container:

apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
...
spec:
...
  statefulSet:
    pod:
      tailscaleContainer:
        image: "ghcr.io/tailscale/tailscale:v1.64.0"
        imagePullPolicy: IfNotPresent
      tailscaleInitContainer:
        image: "ghcr.io/tailscale/tailscale:v1.64.0"
        imagePullPolicy: IfNotPresent

To try this out:

• build a new operator image
• apply CRDs from this PR kubectl apply -f ./cmd/k8s-operator/deploy/crds
• deploy the operator skipping the CRD and with the new image helm upgrade --install operator tailscale-dev/tailscale-operator -n tailscale --set operatorConfig.image.repo=<image> --set installCRDs=false --set operatorConfig.image.tag=<tag>...
• apply a ProxyClass with images/image pull policies configured, i.e kubectl apply -f ./cmd/k8s-operator/examples/proxyclass.yaml
• apply the ProxyClass to any operator's managed proxy https://tailscale.com/kb/1236/kubernetes-operator#cluster-resource-customization-using-proxyclass-custom-resource
• observe that Image/ImagePullPolicy fields of the proxy Pod have the expected values

[oxtoacart]

Given the below proxy class

apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
  name: prod
spec:
  statefulSet:
    annotations:
      platform-component: infra 
    pod:
      tailscaleContainer:
        env:
          - name: FOO
            value: BAZ
      labels:
        team: eng
      nodeSelector:
        beta.kubernetes.io/os: "linux"
      imagePullSecrets:
      - name: "foo"
      tailscaleContainer:
        image: "ghcr.io/tailscale/tailscale:v1.64.0"
        imagePullPolicy: IfNotPresent
      tailscaleInitContainer:
        image: "ghcr.io/tailscale/tailscale:v1.64.0"
        imagePullPolicy: IfNotPresent

In my testing, this worked for an ingress defined as follows:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kuardfoobar 
  labels:
    tailscale.com/proxy-class: "prod"
spec:
  tls:
  - hosts:
    - "dnstest"
  rules:
  - http:
      paths:
      - backend:
          service:
            name: kuardfoobar
            port:
              number: 80
        pathType: Prefix 
        path: /
  ingressClassName: tailscale

But, it did not work for a service defined as follows:

apiVersion: v1
kind: Service
metadata:
  name: kuardfoobar
  labels:
    tailscale.com/proxy-class: "prod"
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    app: kuardfoobar

➜  oss git:(irbekrm/docim) ✗ kubectl get pod -n tailscale ts-kuardfoobar-k2pz9-0 -o yaml | grep image
    image: ghcr.io/tailscale/tailscale:v1.64.0
    imagePullPolicy: IfNotPresent
  imagePullSecrets:
    image: ghcr.io/tailscale/tailscale:v1.64.0
    imageID: ghcr.io/tailscale/tailscale@sha256:0e7dd9e2772c32958e9d92c06ab9ec696c74075a8d558b93eca5bc25dcc9dd19

➜  oss git:(irbekrm/docim) ✗ kubectl get pod -n tailscale ts-theservice-7vmgw-0 -o yaml | grep image
    image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
    imagePullPolicy: Always
    image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
    imagePullPolicy: IfNotPresent
    image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
    imageID: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev@sha256:b9c479af8e0e1ec8edadcc75ea004afed12fd3354d9c7ca62e463c997bc94845
    image: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev:v0.0.11
    imageID: us-central1-docker.pkg.dev/tailscale-sandbox/percy-images/proxy-dev@sha256:b9c479af8e0e1ec8edadcc75ea004afed12fd3354d9c7ca62e463c997bc94845