Add pg_ident.conf passthrough field to Patroni spec#3090

Open

The127 wants to merge 1 commit into zalando:master from The127:add-pg-ident-passthrough

Conversation


@The127 The127 commented May 3, 2026

Patroni already supports pg_ident.conf natively under postgresql.pg_ident (a list of lines, same shape as pg_hba). This PR exposes it through the Postgresql CRD so users can configure ident maps from the manifest, mirroring the existing pg_hba passthrough (#361).

Use cases: cert auth with map=... (mapping client cert SAN/CN to PG roles), GSS principal stripping, PAM username rewrites, peer auth maps. Anywhere a pg_hba line uses map=mapname, you currently can't supply the mapping rules without forking.

Implementation mirrors pg_hba:

  • PgIdent []string on the Patroni struct
  • written into the local Patroni postgresql config (so changes propagate via the Patroni REST API on manifest update, not only at bootstrap)
  • diff-and-set in checkAndSetGlobalPostgreSQLConfiguration

Validation is delegated to Patroni/Postgres on reload, same as pg_hba. The operator doesn't parse the lines.

Known Patroni quirk (not introduced by this PR)

On fresh initdb bootstrap, Patroni stages pg_ident in its local config but doesn't flush it to pg_ident.conf until the first reload. bootstrap.py's initdb path calls append_pg_hba() but has no equivalent replace_pg_ident() call. Subsequent config changes (including no-op reconciles) flush it correctly. Verified end-to-end on minikube with this PR's code.

This is upstream Patroni, not the operator. Fix filed at patroni/patroni#3596.

Checklist

  • Code formatted (gofmt)
  • Generated code updated via make codegen (deepcopy + both CRD yamls)
  • CRD validation, sample manifest, and reference docs updated
  • Unit tests extended (k8sres_test.go, util_test.go)
  • No overlapping open PRs

Mirrors the existing pg_hba passthrough (zalando#361). Patroni supports
pg_ident natively under postgresql.pg_ident; this exposes it through
the Postgresql CRD so users can configure ident maps from the manifest.

Useful for any auth method that uses pg_hba `map=...`: cert auth,
GSS, PAM, peer.
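As an added illustration, not code from this PR or from postgres-operator, here are the two operator-side checks the description touches on: a pre-apply lint for `map=` names that no pg_ident rule defines (something the operator deliberately leaves to Patroni/Postgres), and the diff-and-set comparison against the `postgresql` object Patroni reports. The manifest field layout, the shape of Patroni's `/config` response and the sample lines are assumptions.

```go
package main

import "strings"

// Constructed sample lines as they would sit under spec.patroni in a manifest
// (field names assumed; the pg_ident list is what this PR adds).
var samplePgHba = []string{"hostssl all all 0.0.0.0/0 cert map=certmap"}
var samplePgIdent = []string{
	"certmap  /^(.*)@example\\.com$  \\1",
	"certmap  admin-cert             postgres",
}

// missingMaps lists map= names used in pg_hba that no pg_ident rule defines
// (the map name is the first token of each non-comment line). The operator
// does not parse these lines, so a check before apply is the cheapest place
// to catch a reference that would otherwise only fail at login time.
func missingMaps(pgHba, pgIdent []string) []string {
	defined := map[string]bool{}
	for _, line := range pgIdent {
		if f := strings.Fields(line); len(f) > 0 && !strings.HasPrefix(f[0], "#") {
			defined[f[0]] = true
		}
	}
	missing := []string{}
	for _, line := range pgHba {
		for _, tok := range strings.Fields(line) {
			if strings.HasPrefix(tok, "map=") && !defined[tok[4:]] {
				missing = append(missing, tok[4:])
			}
		}
	}
	return missing
}

// pgIdentPatch is the diff-and-set step: compare the manifest's lines with
// the "postgresql" object Patroni returns from GET /config (assumed shape:
// pg_ident decoded as a JSON list) and return the body to PATCH back, or nil
// when the two already agree. Entries are single lines, so joining on "\n"
// gives an exact comparison without pulling in reflect.
func pgIdentPatch(desired []string, effective map[string]interface{}) map[string]interface{} {
	current := []string{}
	raw, _ := effective["pg_ident"].([]interface{})
	for _, v := range raw {
		if s, ok := v.(string); ok {
			current = append(current, s)
		}
	}
	if strings.Join(current, "\n") == strings.Join(desired, "\n") {
		return nil
	}
	return map[string]interface{}{"postgresql": map[string]interface{}{"pg_ident": desired}}
}
```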