fix(openhands): dedupe RESEND_API_KEY in resend-sync cronjob

[jlav]

Description

The resend-sync cronjob declares RESEND_API_KEY twice: hardcoded in the cronjob template, and again via the shared openhands.env block (when resend.enabled). Kubernetes tolerates duplicate env names, so helm/CI never flagged it. But ArgoCD's server-side-apply diff treats env as a map keyed by name and rejects the duplicate, which blocks syncing the production openhands app.

This drops the redundant hardcoded entry; the cronjob gets RESEND_API_KEY from openhands.env. resend is enabled in every environment that runs this cronjob, so there's no case that needs the hardcoded fallback. No runtime change: the openhands.env copy already wins today.

Helm Chart Checklist

• I have updated the version field in Chart.yaml for each modified chart
• I have tested the chart upgrade path from the previous version
• I have verified backwards compatibility with existing values.yaml configurations
• I have updated the chart's README.md if there are any breaking changes or new required values

Additional Notes

Validated by rendering the resend-sync cronjob: exactly one RESEND_API_KEY, same secret ref as before. No live helm upgrade run, and no new/changed values (so no README change). Consuming this in saas-deploy (prod dependency bump to 0.7.67) is being handled separately.