feat(garak): Add integration tests for Garak remote provider

[saichandrapandraju]

Implement comprehensive integration tests for the remote mode of the llama_stack_garak_provider across three tiers:

• smoke (TestGarakRemoteQuickScan): predefined quick benchmark registration, eval job submission, status polling, and result retrieval
• tier1 (TestGarakRemoteCustomBenchmark): custom benchmark with explicit garak_config metadata, probe selection, and result validation
• tier2 (TestGarakRemoteShieldScan): shield registration with FMS guardrails orchestrator, benchmark with shield_ids, and shielded eval execution

Key changes:

• Support distribution_image override in llama_stack_server_config fixture to use specific LlamaStack 0.5.x images
• Pre-generate CR names for consistent LlamaStack service URL construction
• Add deployment namespace to NetworkPolicy allowedFrom for KFP pod access
• Add guardrails orchestrator service URL fixture for in-cluster communication
• Use provider-qualified model IDs (vllm-inference/) for LlamaStack 0.5.x
• Add eval job utilities with enhanced status logging and result validation

Made-with: Cursor

[github-actions]

The following are automatically added/executed:

• PR size label.
• Run pre-commit
• Run tox
• Add PR author as the PR assignee
• Build image based on the PR

Available user actions:

• To mark a PR as WIP, add /wip in a comment. To remove it from the PR comment /wip cancel to the PR.
• To block merging of a PR, add /hold in a comment. To un-block merging of PR comment /hold cancel.
• To mark a PR as approved, add /lgtm in a comment. To remove, add /lgtm cancel.
  lgtm label removed on each new commit push.
• To mark PR as verified comment /verified to the PR, to un-verify comment /verified cancel to the PR.
  verified label removed on each new commit push.
• To Cherry-pick a merged PR /cherry-pick <target_branch_name> to the PR. If <target_branch_name> is valid,
  and the current PR is merged, a cherry-picked PR would be created and linked to the current PR.
• To build and push image to quay, add /build-push-pr-image in a comment. This would create an image with tag
  pr-<pr_number> to quay repository. This image tag, however would be deleted on PR merge or close action.

Supported labels

{'/lgtm', '/wip', '/verified', '/cherry-pick', '/hold', '/build-push-pr-image'}

[kpunwatk]

images are commented

[saichandrapandraju]

those are just for reference and all those images have same content. As I used the tag I pasted the links with sha just to be safe

[kpunwatk]

we can use this https://github.com/opendatahub-io/opendatahub-tests/blob/d476993db9f5d471c3caf24e50eecca7df1710aa/tests/fixtures/inference.py#L89 ?

[saichandrapandraju]

can we modify that fixture to dynamically use port from svc instead of hardcoding?

[kpunwatk]

yeah you're right the fixture hardcodes the 8032 port, we could have modified the fixture but does make sense if to create a new one as per the test requirement

[kpunwatk]

why we need this fixture?

[saichandrapandraju]

We are setting up guardrails orchestrator to use for shields testing.

[kpunwatk]

then we can use the existing guardrail_orch fixtures https://github.com/opendatahub-io/opendatahub-tests/blob/292742e7d6e0113c223c4a428fdc98030dfe15f0/tests/fixtures/guardrails.py#L128 ?

[github-actions]

Status of building tag garak_inline: success.
Status of pushing tag garak_inline to image registry: failure.