Add upstreamValuesFrom which is copied to downstreams

[manno]

Users want to create one helm values secret on the upstream cluster, then re-use it on downstream clusters. The values in the secret are used to populate the chart's templates.

This is separate from an access secret, like helmSecretName, which is used to access a container registry to download charts.

For GitOps, see https://fleet.rancher.io/gitrepo-content#using-helm-values for sources of values. These include:

• Phase 1, apply: values.yaml, helm.Values, helm.valuesFiles
• Phase 2 targeting: helm.values from target customization, values templating
• Phase 3 depoy: helm.valuesFrom

For HelmOps, the values are copied and used (see Helm Ops Part 2 implementation).

Acceptance Criteria

• helm.upstreamValuesFrom is added and used in addition to existing value sources.
• the secret referenced by helm.upstreamValuesFrom is copied to the targeted downstream clusters
• the secret is removed from downstream clusters if it is no longer needed
• values are applied in the right order of precedence: helm.valuesFrom > helm.upstreamValuesFrom > helm.valuesFiles > helm.values
• can be overridden via target customization
• copies the whole secret
• can the implementation reuse an existing secret, so we don't copy many secrets to the downstream and do not create too many resources? For Example
  • can values secrets be merged before copying? (probably yes)
  • can helm access and values secrets be merged? (probably not because of key collisions)

Follow Up Stories

• cluster or workspace defaults: e.g. fixed secret 'helmvalues' (naming convention) or a field on the cluster resource
  • interaction between workspaces and Rancher project secrets?
• extend access secret mechanism to optionally create pullimage secrets on downstreams from registry credentials