fix(values): added ignores for istiod-managed validating webhook fields
General MR
Summary
This MR sets flux to ignore changes to the failurePolicy of istio's validating webhooks. These are designed to be deployed via helm with a value of Ignore and then, once istiod reaches a steady-state, it modifies them to Fail.
Relevant logs/screenshots
Before:
❯ kubectl get events -n bigbang -o json | jq --arg since "$(date -d '5 minutes ago' -u +%Y-%m-%dT%H:%M:%SZ)" '.items[] | select(.reason == "DriftDetected") | select(.lastTimestamp >= $since) | {type: .type, reason: .reason, object: .involvedObject.name, message: .message, time: .lastTimestamp}'
{
"type": "Warning",
"reason": "DriftDetected",
"object": "istio-crds",
"message": "Cluster state of release istio-system/istio-crds.v1 has drifted from the desired state:\nValidatingWebhookConfiguration/istiod-default-validator changed (0 additions, 1 changes, 0 removals)",
"time": "2025-06-09T15:35:09Z"
}
{
"type": "Warning",
"reason": "DriftDetected",
"object": "istiod",
"message": "Cluster state of release istio-system/istiod.v1 has drifted from the desired state:\nValidatingWebhookConfiguration/istio-validator-istio-system changed (0 additions, 1 changes, 0 removals)",
"time": "2025-06-09T15:35:14Z"
}
After:
❯ kubectl get events -n bigbang -o json | jq --arg since "$(date -d '5 minutes ago' -u +%Y-%m-%dT%H:%M:%SZ)" '.items[] | select(.reason == "DriftDetected") | select(.lastTimestamp >= $since) | {type: .type, reason: .reason, object: .involvedObject.name, message: .message, time: .lastTimestamp}'
Linked Issue
Closes #2782 (closed)
Upgrade Notices
N/A
Edited by Zach Callahan
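
For reference, a Flux HelmRelease drift-detection ignore rule of the kind this MR describes could look like the fragment below; it is an added illustration, not the MR's diff or Big Bang's own values. The release and webhook names are taken from the events above, while the webhook index 0 and the omitted chart settings are assumptions.

```yaml
# Added illustration, not taken from the MR diff.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: istiod            # HelmRelease named in the DriftDetected event
  namespace: bigbang
spec:
  # chart, interval, values and the rest of the spec are omitted here
  targetNamespace: istio-system
  driftDetection:
    mode: enabled
    ignore:
      # istiod flips failurePolicy from Ignore to Fail once it is ready,
      # so this one field is excluded from drift comparison.
      - paths:
          - /webhooks/0/failurePolicy   # assumed: single webhook entry at index 0
        target:
          kind: ValidatingWebhookConfiguration
          name: istio-validator-istio-system
```

With this rule in place Flux no longer reports or corrects any change to that field, including a change from Fail back to Ignore. Whether the webhook is actually failing closed then has to be confirmed separately, for example by reading failurePolicy from the live ValidatingWebhookConfiguration.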