feat(RELEASE-2158): add self-hosted Quay e2e test

Add a new e2e test pipeline that validates push-to-external-registry
works with self-hosted Quay. Unlike other e2e tests which use the
stage cluster, this one uses an ephemeral Kind cluster where Quay is
deployed and used for testing.

The test runs an inline taskSpec that clones release-service-catalog
at the PR's commit SHA and runs a test-kind.sh script directly,
keeping e2e test ownership in this repo. The pipeline discovery
script is updated so the test triggers alongside
push-to-external-registry changes.

Two changes were made to the push-to-external-registry pipeline to
ensure its compatibility with self-hosted Quay:
- Mount the ca-bundle.crt from trusted-ca configmap to
  /etc/ssl/certs/. This ensures that the self-signed CA cert of the
  internal Quay instance is known to 3rd party tools like skopeo
  and cosign. Without it, the tools would fail with a TLS error.
- Update regexes to support a Quay URL with a port number. The
  regexes assumed only one ":" would be present in the url.

Several other changes were made to support this functionality:
- Mounting the CA bundle in Conforma task[1]
- Support self-hosted Quay deployment in the Kind cluster[2]
- Add init-quay task and skip-quay parameter[3]

[1] conforma/cli#3148
[2] konflux-ci/konflux-ci#5689
[3] konflux-ci/tekton-integration-catalog#272

Assisted-by: Cursor
Signed-off-by: Lubomir Gallovic <lgallovi@redhat.com>

Author: querti

integration-tests/lib/test-functions.sh

@@ -523,6 +523,70 @@ wait_for_plr_to_complete() {
     echo "PipelineRun URL: $(get_build_pipeline_run_url "${tenant_namespace}" "${application_name}" "${component_push_plr_name}")"
 }
 
+# Function to diagnose a failed PipelineRun by printing conditions, TaskRun summaries,
+# and logs from failed TaskRuns.
+# Arguments:
+#   $1: PipelineRun name
+#   $2: namespace
+diagnose_failed_pipelinerun() {
+    local plr_name="$1"
+    local namespace="$2"
+
+    echo ""
+    echo "=== Diagnosing failed PipelineRun: ${plr_name} ==="
+
+    echo "  PipelineRun conditions:"
+    kubectl get pipelinerun "${plr_name}" -n "${namespace}" \
+        -o jsonpath='{range .status.conditions[*]}    Type={.type}  Status={.status}  Reason={.reason}{"\n"}    Message={.message}{"\n"}{end}' \
+        2>/dev/null || true
+
+    echo ""
+    echo "  TaskRun summary:"
+    kubectl get taskruns -n "${namespace}" \
+        -l "tekton.dev/pipelineRun=${plr_name}" \
+        -o custom-columns='TASK:.metadata.labels.tekton\.dev/pipelineTask,STATUS:.status.conditions[0].reason,MESSAGE:.status.conditions[0].message' \
+        2>/dev/null || true
+
+    echo ""
+    local failed_taskruns
+    failed_taskruns=$(kubectl get taskruns -n "${namespace}" \
+        -l "tekton.dev/pipelineRun=${plr_name}" \
+        -o jsonpath='{.items[?(@.status.conditions[0].status=="False")].metadata.name}' \
+        2>/dev/null || true)
+
+    if [ -z "${failed_taskruns}" ]; then
+        echo "  No individually failed TaskRuns found. Check PipelineRun conditions above."
+        return
+    fi
+
+    for tr_name in ${failed_taskruns}; do
+        local task_label
+        task_label=$(kubectl get taskrun "${tr_name}" -n "${namespace}" \
+            -o jsonpath='{.metadata.labels.tekton\.dev/pipelineTask}' 2>/dev/null || echo "unknown")
+
+        echo "  --- Failed task: ${task_label} (TaskRun: ${tr_name}) ---"
+
+        local error_msg
+        error_msg=$(kubectl get taskrun "${tr_name}" -n "${namespace}" \
+            -o jsonpath='{.status.conditions[0].message}' 2>/dev/null || true)
+        echo "  Error: ${error_msg}"
+
+        echo "  Logs (last 50 lines):"
+        if command -v tkn &>/dev/null; then
+            tkn taskrun logs "${tr_name}" -n "${namespace}" 2>/dev/null | tail -50 | sed 's/^/    /' || true
+        else
+            local pod_name
+            pod_name=$(kubectl get taskrun "${tr_name}" -n "${namespace}" \
+                -o jsonpath='{.status.podName}' 2>/dev/null || true)
+            if [ -n "${pod_name}" ]; then
+                kubectl logs "${pod_name}" -n "${namespace}" --all-containers --tail=50 \
+                    2>/dev/null | sed 's/^/    /' || true
+            fi
+        fi
+        echo ""
+    done
+}
+
 # Function to wait for Releases to complete
 # Relies on global variables: component_push_plr_name, tenant_namespace, SUITE_DIR
 wait_for_releases() {