feat(helm): add hash cache persistence support

[amascia-gg]

Summary

• Adds PVC-based persistence for the scrypt hash cache so it survives across CronJob runs
• Only the inventory CronJob gets the cache mount (ping/sync don't hash)
• Adds persistence section to values.yaml, values.schema.json, and templates
• Includes 11 helm-unittest test cases covering PVC creation, env var injection, volumeMount, existingClaim, and disabled state

Changes

File	What
values.yaml	New persistence block: enabled, storageClassName, size, existingClaim
values.schema.json	Schema definition for IDE completion + validation
templates/persistentvolumeclaim.yaml	Creates PVC when persistence.enabled && !existingClaim
templates/_cronjob.tpl	Conditionally injects HASH_CACHE_PATH env, volumeMount, and PVC volume
templates/cronjob_inventory.yaml	Passes use_cache_pvc: true to shared template
tests/persistence_test.yaml	11 test cases across 2 suites
Chart.yaml	Version bump 0.5.14 → 0.5.15

Usage

persistence:
  enabled: true          # creates PVC, mounts it, sets HASH_CACHE_PATH
  # storageClassName: "" # optional, defaults to cluster default
  # size: 100Mi          # optional, 64 bytes/entry → 100Mi handles ~1.6M secrets
  # existingClaim: ""    # optional, use pre-existing PVC instead of creating one

Without persistence.enabled, behavior is unchanged — secrets are hashed from scratch every run.

Test plan

• helm unittest charts/ggscout — all 40 tests pass (11 new persistence tests)
• helm template renders correctly with and without persistence
• Deployed to eks-sandbox-01 with persistence.enabled: true — cold run: 0 hits/40 misses, warm run: 40 hits/0 misses

In eks-sandbox-01:

[linear]

NHI-1429 ggscout hash cache implementation