Add service annotations support to gateway chart #400

Open
varunarya002 wants to merge 4 commits into trinodb:main from varunarya002:add-service-annotations-to-gateway
varunarya002 (Member) commented Mar 4, 2026

Summary

This PR adds support for setting annotations on the Trino Gateway Service resource. It also ensures that annotations added to the Service metadata do not unintentionally leak into the Service spec.

Motivation

In many Kubernetes environments (like AWS EKS, GCP GKE, or Azure AKS), exposing the Trino Gateway using a LoadBalancer service type requires setting specific annotations on the Service object (e.g., service.beta.kubernetes.io/load-balancer-type: external or AWS ACM certificate ARNs).

Previously, the gateway chart passed the entire service block from values.yaml directly into the Service spec, meaning annotations could not be cleanly defined in the metadata without leaking into the spec and causing validation errors.

Changes

  • Added service.annotations to values.yaml with an empty default.
  • Updated templates/service.yaml to dynamically render annotations under metadata.
  • Added unset logic in templates/service.yaml to strip the annotations key from the $spec dictionary before rendering it into the Service spec.
  • Added an in-cluster helm test (test-service-annotations.yaml) that uses the Kubernetes API to validate that:
    • Annotations are correctly applied to the Service metadata.
    • Annotations do not leak into the Service spec.
    • The Service type matches the configured value.

Testing Done

  • Validated locally using helm template to ensure clean separation of metadata and spec.
  • Successfully ran the newly added helm test against a live cluster. The test uses a Python script (via urllib) executed from a Pod with a least-privilege ServiceAccount to query the Kubernetes API directly.

cla-bot added the cla-signed label Mar 4, 2026
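
The three checks listed in the description (annotations present in metadata, no annotations key in spec, Service type as configured), as an added Python example that is not the PR's test script. The names `fetch_service` and `check_service`, the Service name `trino-gateway`, and the sample objects are assumptions made for illustration; the token and CA paths are the standard in-cluster ServiceAccount mount.

```python
import json
import os
import ssl
import urllib.request

# Standard in-cluster ServiceAccount mount; present only inside a Pod.
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"


def fetch_service(namespace, name):
    """GET one Service from the API server using the Pod's own token."""
    host = os.environ["KUBERNETES_SERVICE_HOST"]
    port = os.environ["KUBERNETES_SERVICE_PORT"]
    if ":" in host:  # bracket an IPv6 literal before building the URL
        host = f"[{host}]"
    with open(os.path.join(SA_DIR, "token")) as fh:
        token = fh.read().strip()
    # Verify the API server against the cluster CA; TLS checks stay enabled.
    ctx = ssl.create_default_context(cafile=os.path.join(SA_DIR, "ca.crt"))
    url = f"https://{host}:{port}/api/v1/namespaces/{namespace}/services/{name}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


def check_service(svc, want_annotations, want_type):
    """Return a list of failures; an empty list means all three checks pass."""
    failures = []
    have = svc.get("metadata", {}).get("annotations") or {}
    for key, value in want_annotations.items():
        if have.get(key) != value:
            failures.append(f"metadata.annotations[{key}] = {have.get(key)!r}, want {value!r}")
    spec = svc.get("spec", {})
    if "annotations" in spec:
        failures.append("annotations key leaked into spec")
    if spec.get("type") != want_type:
        failures.append(f"spec.type = {spec.get('type')!r}, want {want_type!r}")
    return failures


# Constructed sample objects (not output from a real cluster).
WANT = {"service.beta.kubernetes.io/load-balancer-type": "external"}
GOOD = {"metadata": {"name": "trino-gateway", "annotations": dict(WANT)},
        "spec": {"type": "LoadBalancer", "ports": [{"port": 8080}]}}
LEAKY = {"metadata": {"name": "trino-gateway"},
         "spec": {"type": "LoadBalancer", "annotations": dict(WANT)}}

if __name__ == "__main__":
    for label, obj in (("good", GOOD), ("leaky", LEAKY)):
        print(label, check_service(obj, WANT, "LoadBalancer"))
```

`fetch_service` needs nothing beyond read access to the one Service it inspects, which is what lets the test Pod run under a narrowly scoped ServiceAccount.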