feat(helm): add Pipelock ConfigMap, scanning config, and consolidate compose (#1064)

* feat(helm): add Pipelock ConfigMap, scanning config, and consolidate compose

- Add ConfigMap template rendering DLP, response scanning, MCP input/tool
  scanning, and forward proxy settings from values
- Mount ConfigMap as /etc/pipelock/pipelock.yaml volume in deployment
- Add checksum/config annotation for automatic pod restart on config change
- Gate HTTPS_PROXY/HTTP_PROXY env injection on forwardProxy.enabled (skip
  in MCP-only mode)
- Use hasKey for all boolean values to prevent Helm default swallowing false
- Single source of truth for ports (forwardProxy.port/mcpProxy.port)
- Pipelock-specific imagePullSecrets with fallback to app secrets
- Merge standalone compose.example.pipelock.yml into compose.example.ai.yml
- Add pipelock.example.yaml for Docker Compose users
- Add exclude-paths to CI workflow for locale file false positives

* Add CHANGELOG entry for Pipelock security proxy integration

* Missed v0.6.8 release

---------

Co-authored-by: Juan José Mata <jjmata@jjmata.com>

.github/workflows/pipelock.yml

@@ -20,5 +20,7 @@ jobs:
         uses: luckyPipewrench/pipelock@v1
         with:
           scan-diff: 'true'
-          fail-on-findings: 'false'
+          fail-on-findings: 'true'
           test-vectors: 'false'
+          exclude-paths: |
+            config/locales/views/reports/