Add OpenStackAssistant CRD with MCP server support

[dprince]

Introduces a new OpenStackAssistant custom resource
(assistant.openstack.org/v1beta1) that deploys a managed Goose AI agent
pod for cluster diagnostics via Lightspeed Stack.

OpenStackAssistant CRD and controller:
- New CRD with spec fields for provider type, container image,
  Lightspeed Stack backend configuration, node selectors, and
  additional environment variables
- GooseConfig supports model selection, recipe ConfigMaps (registered
  as Goose slash commands), hints ConfigMaps (written to .goosehints),
  and MCP server references
- Controller creates a ServiceAccount, ClusterRole with read-only RBAC
  for cluster diagnostics, ClusterRoleBinding, ConfigMap with Goose
  configuration and entrypoint script, and the assistant Pod
- Watches referenced Secrets and ConfigMaps; reconciles on changes and
  tracks input hashes to detect drift
- Defaulting webhook sets the container image from an environment
  variable fallback
- Condition-based status reporting (ServiceAccount, RBAC, ConfigMap,
  Pod readiness)

MCP server sidecar support for OpenStackClient:
- New MCPConfig struct (enabled flag, containerImage) on the
  OpenStackClient CR spec
- When enabled, the OpenStackClient controller adds a rhos-mcps MCP
  server sidecar container sharing the same clouds.yaml/secure.yaml
  credential mounts
- Controller creates a ConfigMap with rhos-mcps config (openstack
  enabled, openshift disabled, allow_write: false) and a Service on
  port 8080 for the MCP endpoint
- OpenStackAssistant can reference an OpenStackClient CR by name via
  the openstackClientRef field; the controller auto-computes the
  service URL and TLS CA configuration

Tests:
- Unit tests for the OpenStackAssistant controller covering
  reconciliation, pod creation, config generation, and status
  conditions
- Unit tests for helper functions (entrypoint script generation,
  config building, hash computation)

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprince

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [dprince]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

OpenStackControlPlane CRD Size Report

Metric	Value
CRD JSON size	333349 bytes (326KB)
Base branch size	333227 bytes
Change	+0.04%
Status	yellow — growing

Threshold reference

Color	Range	Meaning
🟢 green	< 300KB	Comfortable
🟡 yellow	300–400KB	Growing
🟠 orange	400–750KB	Concerning
🔴 red	> 750KB	Approaching 1.5MB etcd limit (cut in half to allow space for update)

[openshift-ci]

@dprince: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/precommit-check	7f4e27e	link	true	/test precommit-check

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[centosinfra-prod-github-app]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/50e3a108d0bd4408b0418e7f7c0252c8

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 24m 42s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 25m 52s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 32m 08s
❌ adoption-standalone-to-crc-ceph-provider RETRY_LIMIT in 25m 14s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 51m 21s
✔️ openstack-operator-edpm-baremetal-minor-update SUCCESS in 2h 00m 21s