Resolve "dynamic inclusion of addons in ci"

Summary

• ci: change k3s as a sidecar to k3d using (tls enabled) dockerd as a sidecar using ci created bridge networks with properly tuned mtu
• ci: add logic to enable addons based on MR labels (name must be case exact match to the helm value block)
• infra: bump ci-optimized rke2 node pool to c5d.12xlarge, resize to { min: 1, desired: 1, max: 5 }
• infra: introduce cluster-autoscaler to ci-optimized rke2 node pool and actually test it, new nodes join in ~2m but to be safe, set ci timeout to 5m
• infra: use instance storage for image ci image layers (reduces i/o bottlenecks by ~80%)
• dogfood cluster: embed dind service into the dogfood gitlab ci deployment with fixes for /etc/machine-id, dind tls, and runtime dockerd config (see here)
• dogfood cluster: deploy gitlab ci with default dns (instead of the default ClusterFirst) dns to properly resolve dind-k3d dns

Closes #258 (closed)