[Multi_K8s-Plugin] Add initializer hook for Helm repo and OCI registry auth

[mohammedfirdouss]

What this PR does:
Adds an initializer hook to the kubernetes_multicluster plugin, bringing it to parity with the single-cluster kubernetes plugin.

At plugin startup, the initializer:

1. Registers any HTTP Helm chart repositories configured in the piped config (helm repo add + helm repo update)
2. Logs in to any OCI Helm chart registries configured in the piped config (helm registry login)

This also introduces KubernetesPluginConfig (with chartRepositories and chartRegistries fields) as the plugin-level config type, replacing sdk.ConfigNone across the deployment, livestate, and plan-preview plugin interfaces.

Why we need it:
Without this, users of the multicluster plugin deploying from private Helm chart repositories or OCI registries would get a 401 Unauthorized error at manifest load time with no clear way to provide credentials. The single-cluster plugin has supported this since its initializer was added the multicluster plugin was missing the equivalent.

Which issue(s) this PR fixes:

Fixes #6446

Does this PR introduce a user-facing change?:

• How are users affected by this change: Users can now configure chartRepositories and chartRegistries in their piped plugin config for the multicluster plugin, enabling deployments from private Helm repositories and OCI registries.
• Is this breaking change: No
• How to migrate (if breaking change): N/A

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 33.25%. Comparing base (a3fa0e0) to head (eaa1f62).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6723      +/-   ##
==========================================
+ Coverage   29.48%   33.25%   +3.76%     
==========================================
  Files         593       45     -548     
  Lines       63440     2977   -60463     
==========================================
- Hits        18706      990   -17716     
+ Misses      43289     1936   -41353     
+ Partials     1445       51    -1394     

Flag	Coverage Δ
.	?
.-pkg-app-pipedv1-plugin-analysis	?
.-pkg-app-pipedv1-plugin-ecs	31.82% <ø> (ø)
.-pkg-app-pipedv1-plugin-kubernetes	?
.-pkg-app-pipedv1-plugin-kubernetes_multicluster	?
.-pkg-app-pipedv1-plugin-scriptrun	?
.-pkg-app-pipedv1-plugin-terraform	37.95% <ø> (ø)
.-pkg-app-pipedv1-plugin-wait	33.04% <ø> (ø)
.-pkg-app-pipedv1-plugin-waitapproval	52.71% <ø> (ø)
.-pkg-plugin-sdk	?
.-tool-actions-gh-release	?
.-tool-actions-plan-preview	?
.-tool-codegen-protoc-gen-auth	0.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mohammedfirdouss]

@Warashi Please look when you have time for review.

[Warashi]

Almost LGTM.
The one point I have a concern about is the password handling.

[Warashi]

LGTM

[github-actions]

Thank you for contributing to PipeCD! The changes in this pull request will be part of the upcoming release!