refactor: redesign E2E to use custom Docker image instead of PVC/kubectl

Replace the PVC + kubectl-patch approach for E2E plugin deployment with
a custom Docker image that has the plugin pre-installed. This eliminates
all policy-violating operations:

- No PVCs in kube-system
- No kubectl exec/cp to Headlamp pods
- No deployment patching via kubectl
- No temporary pods or ConfigMap-based file transfers

The new approach builds a Headlamp image with the plugin baked in
(Dockerfile.e2e), deploys it as a dedicated instance in the headlamp-e2e
namespace via Helm, and tears it down after tests complete.

RBAC is scoped to the headlamp-e2e namespace instead of kube-system.

Note: .github/workflows/e2e.yaml still needs updating to use the new
scripts — that change is delegated to Hugh (CI/CD owner).

Closes: privilegedescalation/headlamp-polaris-plugin#72

Co-Authored-By: Paperclip <noreply@paperclip.ing>

Dockerfile.e2e

@@ -0,0 +1,16 @@
+# Dockerfile.e2e
+#
+# Builds a Headlamp image with the polaris plugin pre-installed.
+# Used by E2E tests — not for production distribution (use ArtifactHub).
+#
+# Usage:
+#   npm run build
+#   docker build -f Dockerfile.e2e -t ghcr.io/privilegedescalation/headlamp-polaris-e2e:sha-abc123 .
+#
+# The plugin dist/ must be built before running docker build.
+
+ARG HEADLAMP_VERSION=latest
+FROM ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}
+
+COPY dist/ /headlamp/plugins/headlamp-polaris/
+COPY package.json /headlamp/plugins/headlamp-polaris/