feat: enhance openshift support (#1063)

### Description of the change

Add options to values.yaml to make chart easier to install in restricted openshift environments

### Benefits

more people can run this

### Checklist

<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->

- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] Breaking changes are documented in the `README.md`
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
- [ ] Bash unittests are added (required when changing anything in `scripts` folder)
- [x] All added template resources MUST render a namespace in metadata

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/1063
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-committed-by: techknowlogick <techknowlogick@gitea.com>

values.yaml

@@ -62,9 +62,14 @@ imagePullSecrets: []
 
 ## @section Security
 # Security context is only usable with rootless image due to image design
-## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
-podSecurityContext:
-  fsGroup: 1000
+## @param openshift.enabled Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API.
+## @param openshift.hostUsers Override the PodSpec hostUsers field for chart-managed pods. Defaults to `false` when OpenShift compatibility is enabled.
+openshift:
+  enabled: null
+  hostUsers: null
+
+## @param podSecurityContext Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty.
+podSecurityContext: {}
 
 ## @param containerSecurityContext Security context
 containerSecurityContext: {}
@@ -177,6 +182,32 @@ ingress:
   #    hosts:
   #      - git.example.com
 
+## @section Route
+## @param route.enabled Enable OpenShift Route
+## @param route.annotations Route annotations
+## @param route.host Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values.
+## @param route.path Route path
+## @param route.wildcardPolicy Route wildcard policy
+## @param route.tls.termination Route TLS termination type
+## @param route.tls.insecureEdgeTerminationPolicy Route insecure edge termination policy
+## @param route.tls.key Route TLS key
+## @param route.tls.certificate Route TLS certificate
+## @param route.tls.caCertificate Route TLS CA certificate
+## @param route.tls.destinationCACertificate Route destination CA certificate
+route:
+  enabled: false
+  annotations: {}
+  host: ""
+  path: ""
+  wildcardPolicy: None
+  tls:
+    termination:
+    insecureEdgeTerminationPolicy:
+    key:
+    certificate:
+    caCertificate:
+    destinationCACertificate:
+
 ## @section deployment
 #
 ## @param resources Kubernetes resources