Create Gatekeeper Policy to Verify All Helm Chart Resources are Produced from Helm Chart Collator #179

@lb4368

Description

Problem description
With the delivery of the Gatekeeper manifest function (#167) and a manifest structure for constraint templates and constraints (#174), we would like to demonstrate a policy implementation and auditing within treasuremap. As an initial example, we would like a policy that validates that all helm chart resources used within a site deployment are produced from the helm-chart-collator managed within treasuremap.

Proposed change

  1. Create a Gatekeeper constraint template that allows for restricting HelmRelease sources to specified sources.
  2. Create a Gatekeeper constraint to restrict HelmRelease source to the helm-chart-collator/collator HelmRepository. GitRepository and Bucket sources should also be disallowed.
  3. Deliver the constraint template and constraint during the workload phase or some new gating phase.
  4. Provide capability to report violations during treasuremap gating. See Gatekeeper audit.
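A sketch of what steps 1 and 2 could look like, added here as an illustration and not code from treasuremap or the Gatekeeper project: a ConstraintTemplate whose Rego rejects any HelmRelease whose chart `sourceRef` is not in an allow list, plus a Constraint that allows only one entry. It assumes "helm-chart-collator/collator" means a HelmRepository named `collator` in namespace `helm-chart-collator`, that HelmReleases use the Flux `spec.chart.spec.sourceRef` field, and that the template and constraint names are placeholders.

```yaml
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata: {name: k8sallowedhelmsources}   # placeholder name
spec:
  crd:
    spec:
      names:
        kind: K8sAllowedHelmSources
      validation:
        openAPIV3Schema:
          type: object
          properties:
            allowedSources:
              type: array
              items:
                type: object
                properties: {kind: {type: string}, name: {type: string}, namespace: {type: string}}
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sallowedhelmsources
        # Flag a HelmRelease whose chart sourceRef is not in the allow list.
        violation[{"msg": msg}] {
          obj := input.review.object
          ref := obj.spec.chart.spec.sourceRef
          # sourceRef.namespace defaults to the HelmRelease's own namespace.
          ns := object.get(ref, "namespace", obj.metadata.namespace)
          not allowed(ref.kind, ref.name, ns)
          msg := sprintf("HelmRelease %v/%v uses disallowed chart source %v %v/%v", [obj.metadata.namespace, obj.metadata.name, ref.kind, ns, ref.name])
        }
        # Exact match on kind, name and namespace; GitRepository and Bucket
        # sources fail because no allowed entry carries those kinds.
        allowed(kind, name, ns) {
          src := input.parameters.allowedSources[_]
          src.kind == kind
          src.name == name
          src.namespace == ns
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAllowedHelmSources
metadata: {name: helmrelease-source-must-be-collator}   # placeholder name
spec:
  match:
    kinds:
      - apiGroups: ["helm.toolkit.fluxcd.io"]
        kinds: ["HelmRelease"]
  parameters:
    allowedSources:
      # Assumed reading of "helm-chart-collator/collator": namespace/name
      - {kind: HelmRepository, name: collator, namespace: helm-chart-collator}
```

Gatekeeper's audit controller records matching objects in the constraint's `status.violations`, which is what a gating report for step 4 would read. Note that a HelmRelease with no `spec.chart.spec.sourceRef` leaves the rule undefined and therefore passes, so any other chart reference field in use needs its own violation rule.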
