feat: enhance openshift support (#1063)

### Description of the change

Add options to values.yaml to make chart easier to install in restricted openshift environments

### Benefits

more people can run this

### Checklist

<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->

- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] Breaking changes are documented in the `README.md`
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
- [ ] Bash unittests are added (required when changing anything in `scripts` folder)
- [x] All added template resources MUST render a namespace in metadata

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/1063
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-committed-by: techknowlogick <techknowlogick@gitea.com>

templates/gitea/deployment.yaml

@@ -43,6 +43,11 @@ spec:
         {{- toYaml .Values.deployment.labels | nindent 8 }}
         {{- end }}
     spec:
+      {{- $hostUsers := include "gitea.hostUsers" . | trim }}
+      {{- $podSecurityContext := include "gitea.podSecurityContext" . | trim }}
+      {{- $containerSecurityContext := include "gitea.containerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
+      {{- $commandInitContainerSecurityContext := include "gitea.commandInitContainerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
+      {{- $runtimeContainerSecurityContext := include "gitea.runtimeContainerSecurityContext" . | trim }}
       {{- if .Values.schedulerName }}
       schedulerName: "{{ .Values.schedulerName }}"
       {{- end }}
@@ -52,9 +57,14 @@ spec:
       {{- if .Values.priorityClassName }}
       priorityClassName: "{{ .Values.priorityClassName }}"
       {{- end }}
+      {{- if $hostUsers }}
+      hostUsers: {{ $hostUsers }}
+      {{- end }}
       {{- include "gitea.images.pullSecrets" . | nindent 6 }}
+      {{- if $podSecurityContext }}
       securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+        {{- $podSecurityContext | nindent 8 }}
+      {{- end }}
       initContainers:
         {{- if .Values.preExtraInitContainers }}
         {{- toYaml .Values.preExtraInitContainers | nindent 8 }}
@@ -91,8 +101,10 @@ spec:
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
             {{- include "gitea.init-additional-mounts" . | nindent 12 }}
+          {{- if $containerSecurityContext }}
           securityContext:
-            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+            {{- $containerSecurityContext | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.initContainers.resources | nindent 12 }}
         - name: init-app-ini
@@ -144,8 +156,10 @@ spec:
               mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/"
             {{- end }}
             {{- include "gitea.init-additional-mounts" . | nindent 12 }}
+          {{- if $containerSecurityContext }}
           securityContext:
-            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+            {{- $containerSecurityContext | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.initContainers.resources | nindent 12 }}
         {{- if .Values.signing.enabled }}
@@ -162,13 +176,10 @@ spec:
           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
           {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if $commandInitContainerSecurityContext }}
           securityContext:
-            {{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
-            {{- $csc := deepCopy .Values.containerSecurityContext -}}
-            {{- if not (hasKey $csc "runAsUser") -}}
-            {{- $_ := set $csc "runAsUser" 1000 -}}
-            {{- end -}}
-            {{- toYaml $csc | nindent 12 }}
+            {{- $commandInitContainerSecurityContext | nindent 12 }}
+          {{- end }}
           env:
             - name: GNUPGHOME
               value: {{ .Values.signing.gpgHome }}
@@ -204,13 +215,10 @@ spec:
           - "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
           {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if $commandInitContainerSecurityContext }}
           securityContext:
-            {{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
-            {{- $csc := deepCopy .Values.containerSecurityContext -}}
-            {{- if not (hasKey $csc "runAsUser") -}}
-            {{- $_ := set $csc "runAsUser" 1000 -}}
-            {{- end -}}
-            {{- toYaml $csc | nindent 12 }}
+            {{- $commandInitContainerSecurityContext | nindent 12 }}
+          {{- end }}
           env:
             - name: GITEA_APP_INI
               value: /data/gitea/conf/app.ini
@@ -368,13 +376,10 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          {{- if $runtimeContainerSecurityContext }}
           securityContext:
-            {{- /* Honor the deprecated securityContext variable when defined */ -}}
-            {{- if .Values.containerSecurityContext -}}
-            {{ toYaml .Values.containerSecurityContext | nindent 12 -}}
-            {{- else -}}
-            {{ toYaml .Values.securityContext | nindent 12 -}}
-            {{- end }}
+            {{- $runtimeContainerSecurityContext | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - name: temp
               mountPath: /tmp