feat: transformer account and service backward compatibility

[zijiren233]

Background

When upgrading from KubeBlocks 0.8 to 0.9, the account and service naming conventions have changed:

• Account: 0.8 uses {cluster}-conn-credential secret, 0.9 uses {cluster}-{component}-account-{accountName} secret
• Service: 0.8 uses {cluster}-{component} format, 0.9 uses {cluster}-{component}-{serviceName} format

This causes issues during upgrade:

1. New account secrets are created with different passwords, breaking existing connections
2. Legacy services may be incorrectly deleted, causing service disruption

Problem

Account Issue

• When upgrading from 0.8 to 0.9, if the new account secret is deleted (manually or by accident), it gets recreated with a new random password
• The legacy password stored in the old {cluster}-conn-credential secret is not preserved
• This breaks database connections for applications using the old credentials

Service Issue

• During component reconciliation, the controller may delete services that don't match current ComponentServices definitions
• Legacy services with the {cluster}-{component} format are treated as orphaned and deleted
• This causes service interruption for clients using the legacy service names

Solution

Account Transformer (transformer_component_account.go)

Added getPasswordFromLegacySecret() method:

• When creating a new account, first check if a legacy {cluster}-conn-credential secret exists
• If found, extract the password from the password field
• Use the legacy password for the new account instead of generating a random one
• Ensures password consistency across versions

Service Transformer (transformer_component_service.go)

Added isLegacyService() method:

• Before deleting a service, check if it matches the legacy naming format {cluster}-{component}
• Verify that no current ComponentServices definition would generate the same name
• If both conditions are true, skip deletion and preserve the legacy service
• Only delete services that are truly orphaned

Testing

Account Test

1. Create a Redis cluster on 0.9.3
2. Create a legacy secret: test-redis-conn-credential with password legacy-password-123
3. Delete the new account secret: test-redis-redis-account-default
4. Verify the recreated account uses the legacy password

Service Test

1. Create a Redis cluster on 0.9.3
2. Manually create a legacy service: test-redis-redis with ownerReference
3. Trigger component reconciliation
4. Verify the legacy service is not deleted

Impact

• Ensures smooth upgrade path from 0.8 to 0.9
• Prevents connection disruption during account secret recreation
• Preserves legacy services to avoid client impact
• No breaking changes for new installations

[dinoallo]

LGTM