Soft-disable imagescan

[weyfonk]

Imagescan was developed as an experimental feature, and has not been maintained much nor received many enhancement requests since then.

Therefore, we think it would make sense to disable it, including its controller, by default.

Acceptance criteria:

• A new Helm value is added, such as imagescan.enabled, and set to false by default.
• When that value is set to true, imagescan works as it currently does.
• When that value is set to false:
  • the imagecan controller is not instantiated (internal/cmd/controller/operator.go)
  • the GitRepo imagescan indexer (AddImageScanGitRepoIndexer) is not created (internal/cmd/controller/gitops/operator.go)
  • the gitOps controller:
    • when handling GitRepo deletion, skips looking for imagescan jobs, nor does it list image scans to delete (internal/cmd/controller/gitops/reconciler/gitjob_controller.go)
      • [Optional] when creating/updating a role, does not add imagescans to supported resources (internal/cmd/controller/gitops/reconciler/rbac.go)
  • the bundle reader (internal/bundlereader/read.go):
    • skips iterating over imagescan items in fleet.yaml or similar config files
    • warns about such items being skipped, for instance through a log message?

[weyfonk]

• Document this change in Fleet docs
• Mention it as a breaking change in Fleet release notes
• Mention it as a breaking change in Rancher release notes