Restrict schema for istioGateway values to valid values

We had some folks confused about how to target the istio gateway values from umbrella. The way the istioGateway package rolls out multiple HelmReleases (with distinct values based on each item in `gateways), can be a bit of a rough edge.

• https://bigbanguniver-ft39451.slack.com/archives/C051A2BPS0K/p1764707942679219
• https://repo1.dso.mil/big-bang/bigbang/-/issues/3061#note_4376415

Users were attempting set values like:

istioGateway:
  enabled: true
  sourceType: helmRepo

  values:
    waitJob:
      scripts:
        image: "harbor.health.mil/registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.33.4"

When the correct value would be:

istioGateway:
  enabled: true
  sourceType: helmRepo
  
  values:
    gateways:
      passthrough:
        waitJob:
          image: "harbor.health.mil/registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.33.4"

We should add some basic constraints in the schema around the istioGateway values to aid users in correctly targeting the underlying istio gateway Helm charts.

A simple solution could be restricting the istioGateway.values.gateways to be the only possible key under istioGateway.values.