pretzelmaker commented Jan 21, 2026

This PR introduces a comprehensive and configurable password generation policy for the PostgresUser resource as proposed at #289. It addresses the need for stricter security compliance (e.g., minimum complexity requirements) and compatibility with legacy applications (e.g., ensuring passwords start with a letter).

Key Features:

1. Global Operator Configuration:

  • Introduces new environment variables to set default password policies for all users managed by an operator instance.

  • New Env Vars:

    • POSTGRES_DEFAULT_PASSWORD_LENGTH (Default: 15)
    • POSTGRES_DEFAULT_PASSWORD_MIN_LOWER
    • POSTGRES_DEFAULT_PASSWORD_MIN_UPPER
    • POSTGRES_DEFAULT_PASSWORD_MIN_NUMERIC
    • POSTGRES_DEFAULT_PASSWORD_MIN_SPECIAL
    • POSTGRES_DEFAULT_PASSWORD_EXCLUDE_CHARS
    • POSTGRES_DEFAULT_PASSWORD_ENSURE_FIRST_LETTER

2. Per-CRD Override:

  • Updates the PostgresUser CRD to allow overriding the default 15-character alphanumeric password generator via a new spec.passwordPolicy field.

3. Enhanced Generator Logic:

  • Refactors pkg/utils/random.go to support granular complexity requirements (min counts for character classes) and character exclusion.
  • Includes a "Fail Fast" mechanism: The operator will verify configuration on startup and panic if invalid integer values are provided, preventing silent misconfiguration.

4. Helm Chart Updates:

  • Bumps chart version to 3.1.0 and app version to 2.5.0.
  • Exposes all new configuration options in values.yaml under postgres.passwordPolicy.

Testing:

  • Added comprehensive unit tests in pkg/utils/random_test.go covering:
    • Default behavior (backwards compatibility).
    • Length validation.
    • Character class minimums.
    • Character exclusion.
    • "Ensure first letter" logic.
  • Ran make fmt, make vet, and make generate to ensure code quality and up-to-date generated files.

This PR will close #289
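
The class-minimum and exclusion rules described above, as an added example that is not code from this PR or from the operator's repository: one way to write such a generator in Go with crypto/rand, returning an error when a policy cannot be satisfied. The Policy field names, the special-character set, and filling the remaining length from all four classes are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"math/big"
	"strings"
)

type Policy struct { // mirrors the settings in the PR description; field names are assumptions
	Length, MinLower, MinUpper, MinNumeric, MinSpecial int
	ExcludeChars                                       string
}

// pick returns a uniform index in [0,n) from the OS CSPRNG, without modulo bias.
func pick(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // never fall back to a weaker random source
	}
	return int(v.Int64())
}

func Generate(p Policy) (string, error) { // rejects an unsatisfiable policy instead of weakening it
	// lower, upper, numeric, special; the special set is an assumption
	sets := []string{"abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "0123456789", "!#%*+-=@^_"}
	pool, body := "", []byte{}
	for i, need := range []int{p.MinLower, p.MinUpper, p.MinNumeric, p.MinSpecial} {
		for _, c := range p.ExcludeChars {
			sets[i] = strings.ReplaceAll(sets[i], string(c), "")
		}
		if need < 0 || need > p.Length-len(body) || (need > 0 && sets[i] == "") {
			return "", errors.New("invalid policy: class minimums cannot be met")
		}
		pool += sets[i]
		for ; need > 0; need-- { // required characters for this class
			body = append(body, sets[i][pick(len(sets[i]))])
		}
	}
	if p.Length < 1 || pool == "" {
		return "", errors.New("invalid policy: no length or no characters left")
	}
	for len(body) < p.Length { // fill the rest from every allowed class (assumption)
		body = append(body, pool[pick(len(pool))])
	}
	for i := len(body) - 1; i > 0; i-- { // Fisher-Yates: required characters get no fixed position
		j := pick(i + 1)
		body[i], body[j] = body[j], body[i]
	}
	return string(body), nil
}
```

Validating each minimum against the remaining length before drawing also bounds the work done for an oversized value, so a bad policy costs an error rather than a large allocation.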

Successfully merging this pull request may close these issues.

Request: Configurable Password Complexity and Length for PostgresUser