feat: add support for External Secrets Operator in Helm chart #3107

Open
strelok89 wants to merge 2 commits into MarquezProject:main from strelok89:add-external-secrets-operator-support-to-helm-chart

@strelok89
Problem

Currently, the Marquez Helm chart requires the PostgreSQL password to be provided either as a plaintext value in values.yaml or through a manually created Kubernetes Secret. This makes it difficult for users who rely on the External Secrets Operator (ESO) to manage sensitive credentials via external providers like AWS Secrets Manager, HashiCorp Vault, or Google Secret Manager.

Solution

I have integrated support for the External Secrets Operator (ESO) into the Helm chart. This was achieved by:

  1. Adding a new externalSecrets configuration block in values.yaml to define the connection to a SecretStore.
  2. Creating a new ExternalSecret template (templates/marquez/external-secret.yaml) that dynamically maps remote keys to the internal secret structure used by Marquez.
  3. Updating the existing templates/marquez/secret.yaml to conditionally disable local secret creation when ESO is enabled, preventing resource conflicts.
  4. Utilizing existing helper functions (marquez.postgresql.secretName and marquez.database.existingsecret.key) to ensure that the Deployment automatically picks up the password regardless of whether an internal or external database is used.

One-line summary:

Checklist

  • You've signed-off your work
  • Your changes are accompanied by tests (if relevant)
  • Your change contains a small diff and is self-contained
  • You've updated any relevant documentation (if relevant)
  • You've included a one-line summary of your change for the CHANGELOG.md (Depending on the change, this may not be necessary).
  • You've versioned your .sql database schema migration according to Flyway's naming convention (if relevant)
  • You've included a header in any source code files (if relevant)
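
Added example, not part of the pull request or the Marquez chart: the kind of ExternalSecret such a template would render, and how a container then reads the password from the Secret that ESO creates, so the credential never appears in values.yaml or in the Helm release. Every name here (namespace, store name, Secret name, key names, remote path, environment variable) is a hypothetical placeholder.

```yaml
# Illustration only. All names below are hypothetical placeholders,
# not values taken from the PR or from the Marquez chart.
apiVersion: external-secrets.io/v1   # older ESO releases serve v1beta1 instead
kind: ExternalSecret
metadata:
  name: marquez-postgresql
  namespace: marquez
spec:
  # How often ESO re-reads the provider, so a rotated password propagates.
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore              # or ClusterSecretStore for a cluster-wide store
    name: marquez-db-store         # holds the provider config (AWS, Vault, GCP, ...)
  target:
    name: marquez-postgresql       # Kubernetes Secret that ESO creates and owns
    creationPolicy: Owner          # Secret is deleted with the ExternalSecret
  data:
    - secretKey: postgres-password   # key inside the generated Secret
      remoteRef:
        key: prod/marquez/postgres   # path or name of the secret in the provider
        property: password           # field inside that remote secret
---
# Fragment of a pod spec: the container references the generated Secret by
# name and key, so the manifest itself carries no credential material.
env:
  - name: POSTGRES_PASSWORD          # hypothetical variable name
    valueFrom:
      secretKeyRef:
        name: marquez-postgresql
        key: postgres-password
```

The Secret name and key in `secretKeyRef` must match `target.name` and `secretKey` exactly; a mismatch leaves the pod stuck in `CreateContainerConfigError` rather than starting without a password.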

@boring-cyborg
boring-cyborg Bot commented May 13, 2026

Thanks for opening your first pull request in the Marquez project! Please check out our contributing guidelines (https://github.com/MarquezProject/marquez/blob/main/CONTRIBUTING.md).

strelok89 added 2 commits May 13, 2026 08:53
Signed-off-by: strelok89 <alexgilko@outlook.co.il>
Signed-off-by: strelok89 <alexgilko@outlook.co.il>
strelok89 force-pushed the add-external-secrets-operator-support-to-helm-chart branch from b336286 to b1326c0 May 13, 2026 05:53

@codecov
codecov Bot commented May 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.18%. Comparing base (180f37b) to head (b1326c0).

Additional details and impacted files
@@            Coverage Diff            @@
##               main    #3107   +/-   ##
=========================================
  Coverage     81.18%   81.18%           
  Complexity     1506     1506           
=========================================
  Files           268      268           
  Lines          7356     7356           
  Branches        325      325           
=========================================
  Hits           5972     5972           
  Misses         1226     1226           
  Partials        158      158           

