Resolves: #34771
This moves away from relying on discontinued bitnami charts and instead
adds a small mysql chart, a valkey/redis chart and a brief guide update
on how to migrate from one to the other.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Helm chart bumped to v7.0.0.
* Replaced Redis with Valkey as the caching backend and added Valkey
configuration options.
* Added an optional embedded MySQL chart with configurable auth,
persistence, service, and credentials handling.
* **Chores**
* CI now adds the Valkey Helm repository and builds chart dependencies
before templating.
* .gitignore adjusted to only ignore packaged chart archives (*.tgz).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: georgekarrv <1501415+georgekarrv@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded security protections across build and deployment workflows
for enhanced runner environment hardening.
* Strengthened CI/CD infrastructure security measures throughout
automated processes.
* No direct user-facing changes.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Added explicit read permissions + tweaked permissions
As a part of #4698 - this should fix the remaining warnings we get from the OSSF scorecard in relation to github workflows. They now all have explicit read permissions with more granular permissions granted in jobs.
* Update tfsec.yml
New workflow that I had not fixed in this PR.
Providing a Helm chart makes it easier for users to deploy to Kubernetes.
I think this is good to go, and I've tested deploying to Kind and GKE using the GKE ingress, sql proxy, and managed certificate, but I haven't tested anything AWS related.
