feat: add pod anti-affinity for multi-replica cloudflared connector

[conrado]

Summary

When the cloudflared connector runs with multiple replicas, pods can be scheduled on the same node — defeating the purpose of HA. This PR adds requiredDuringSchedulingIgnoredDuringExecution pod anti-affinity to the connector Deployment template so pods are spread across nodes.

• Anti-affinity is only applied when replicas > 1 (no-op for single replica)
• Added to the needsUpdate check so existing deployments pick up the change on the next reconcile cycle
• Unit tests for deployment templating, anti-affinity builder, and affinity comparison

Changes

• pkg/controller/controlled-cloudflared-connector.go:
  • buildPodAntiAffinity() — returns anti-affinity with topologyKey: kubernetes.io/hostname when replicas > 1, nil otherwise
  • affinityEqual() — compares two Affinity pointers for the needsUpdate check
  • Set Affinity in cloudflaredConnectDeploymentTemplating() PodSpec
• pkg/controller/controlled-cloudflared-connector_test.go:
  • TestCloudflaredConnectDeploymentTemplating — 4 subtests covering affinity, labels, container config
  • TestBuildPodAntiAffinity — 3 subtests for 0, 1, and multiple replicas
  • TestAffinityEqual — nil/non-nil/equal comparisons

Test plan

• All unit tests pass (go test ./pkg/controller/...)
• Deployed with 3 replicas — pods land on 3 separate nodes
• PDB with minAvailable: 2 works alongside the anti-affinity
• Single-replica deployments unaffected (no affinity set)

[codecov]

Codecov Report

❌ Patch coverage is 92.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.06%. Comparing base (279e68d) to head (ab05121).

Files with missing lines	Patch %	Lines
pkg/controller/controlled-cloudflared-connector.go	92.00%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           master     #297       +/-   ##
===========================================
+ Coverage   27.54%   50.06%   +22.52%     
===========================================
  Files          10       11        +1     
  Lines         697      749       +52     
===========================================
+ Hits          192      375      +183     
+ Misses        503      351      -152     
- Partials        2       23       +21     

Flag	Coverage Δ
integration	25.13% <68.00%> (?)
unit	35.87% <88.00%> (+8.32%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.