Add AdmissionRequest::to_cel_request() for VAP CEL bridging

[doxxx93]

Motivation

kube-cel's vap::AdmissionRequest is a flat projection of the VAP request variable, intentionally distinct from kube_core::admission::AdmissionRequest<T> (the webhook wire type: generic over T: Resource, carrying TypeMeta, object, oldObject, etc.). Webhook handlers that already hold the wire type had no ergonomic way to feed it into client-side VAP evaluation.

Discussed in kube-rs/kube-cel#4, where we agreed on a bridge helper rather than lifting vap into kube-core (cel-rust is still 0.x and kube-cel absorbs that churn).

Solution

Add AdmissionRequest::<T>::to_cel_request() behind the cel feature, projecting the wire type into kube_cel::vap::AdmissionRequest. Webhook-only fields (object, oldObject, requestKind, subResource, options) are dropped. The carried uid is the user uid (userInfo.uid), matching VAP's request.userInfo.uid, not the round-trip request uid.

Test plan

cargo test -p kube-core --all-features --lib to_cel_request covers all four Operation variants, the userInfo.uid mapping, and GVK/GVR plus dry_run pass-through.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.7%. Comparing base (6f8d9f6) to head (dac134a).

Additional details and impacted files

@@           Coverage Diff           @@
##            main   #1991     +/-   ##
=======================================
+ Coverage   76.7%   76.7%   +0.1%     
=======================================
  Files         89      89             
  Lines       8747    8784     +37     
=======================================
+ Hits        6703    6736     +33     
- Misses      2044    2048      +4     

Files with missing lines	Coverage Δ
kube-core/src/admission.rs	80.9% <100.0%> (+19.8%)	⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[clux]

Looks good. Thank you.