mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
feat(helm): add pod-level securityContext support for certificate mounting (#19041)
**Add pod-level securityContext support to Coder Helm chart**
Adds `coder.podSecurityContext` field to enable pod-level security
settings, primarily to solve TLS certificate mounting permission issues.
**Problem**: When mounting TLS certificates from Kubernetes secrets, the
Coder process (UID 1000) cannot read the files due to restrictive
permissions.
**Solution**: Setting `podSecurityContext.fsGroup: 1000` ensures
Kubernetes sets group ownership of mounted volumes to GID 1000, allowing
the Coder process to read certificate files.
**Changes**:
- Added `podSecurityContext` field to values.yaml with documentation
- Updated `_coder.yaml` template to include pod-level security context
- Added test case and golden files
- Maintains backward compatibility (opt-in feature)
**Usage**:
```yaml
coder:
  podSecurityContext:
    fsGroup: 1000 # Enables TLS cert access
```
Fixes #19038
@@ -26,6 +26,10 @@ spec:
|
||||
{{- toYaml .Values.coder.podAnnotations | nindent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ .Values.coder.serviceAccount.name | quote }}
|
||||
{{- with .Values.coder.podSecurityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
restartPolicy: Always
|
||||
{{- with .Values.coder.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
|
||||
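Review bot: the `with .Values.coder.podSecurityContext` block renders the whole map through `toYaml` with no filtering, so the values.yaml documentation for this field should state that it takes pod-level `securityContext` fields only, and that for fields defined at both levels (for example `runAsUser`) a container-level `securityContext` overrides the pod-level value. It is also worth documenting that `fsGroup` is applied to every volume in the pod that supports ownership management, not just the certificate secret, and pointing users at `fsGroupChangePolicy: OnRootMismatch` for pods that also mount large volumes. Since `with` skips the block when the value is empty, the default should be left unset so existing installs render the same manifest as before.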