feat: add servicemonitor resource template to helm chart

[lmbaschiera]

Description

Adds an optional Prometheus Operator ServiceMonitor to the Connaisseur Helm chart so clusters running the operator can scrape Connaisseur's existing /metrics endpoint.

• New template charts/connaisseur/templates/servicemonitor.yaml, gated by kubernetes.serviceMonitor.enabled (disabled by default — no impact on existing installs).
• The endpoint is scraped over HTTPS (scheme: https) because Connaisseur serves /metrics on the same TLS listener as the webhook, using the webhook serving certificate. Scrape behaviour is configurable via new values: enabled, interval, scrapeTimeout, additionalLabels (to match the Prometheus instance's serviceMonitorSelector), and tlsConfig (defaults to insecureSkipVerify: true; users can supply a CA + serverName to verify).
• The ServiceMonitor reuses the existing connaisseur.selectorLabels so it targets the existing Service, and pins namespaceSelector to the release namespace.
• Helm unittests written (and passing) for the new resource. To run these, the unittest plugin needs to be installed.

When enabled without the monitoring.coreos.com/v1 CRD present, helm install fails loudly. This is intentional, as enabling the resource is an explicit opt-in.

Checklist

• PR is rebased to/aimed at branch develop
• PR follows Contributing Guide
• Added tests (if necessary)
• Extended README/Documentation (if necessary)
• Adjusted versions of image and Helm chart in Chart.yaml (if necessary)