
@rackerchris

This PR transitions the Genestack installation process from a series of imperative, standalone scripts to a unified, library-driven Orchestration Framework. The primary goal is to achieve "Zero-Touch" deployments where the scripts manage the entire lifecycle of credentials, dependencies, and parallel execution.

Key Structural Changes

  1. Centralized Logic (common-functions.sh)

    Secret Lifecycle: Introduced get_or_create_secret which lazily retrieves existing credentials or generates cryptographically secure values if missing.

    Parallel Engine: Implemented run_parallel and wait_parallel to manage background processes with standardized timeout logic and error reporting.

    Dependency Mapping: Centralized pre-flight checks for tools like yq, helm, and kubectl.

  2. Orchestration Strategy (setup-openstack.sh)

    Phase-Based Deployment:

     Phase 1: Keystone installation (Serialized).
    
     Phase 2: Shared Secret Pre-seeding (Prevents race conditions for MariaDB/RabbitMQ/Memcached secrets).
    
     Phase 3: Concurrent Burst (Parallel installation of all enabled services).
    
     Phase 4: Finalization (Skyline Dashboard).
    

    Configuration: Deployment plan is now declaratively defined in /etc/genestack/openstack-components.yaml.

  3. Service Modernization

    Zaqar, Nova, Neutron: Refactored to use the new template.

    Nova SSH: Specialized logic added to handle RSA key-pair generation.

    Metadata Consistency: Nova and Neutron now share the same metadata-shared-secret automatically.

*** BREAKING CHANGES & RELEASE NOTES

Library Dependency: All install-*.sh scripts now require common-functions.sh to be present in (opt)/genestack/scripts/.

Automated Generation: Missing secrets are now auto-generated. If you use external secret management, ensure naming conventions align with Genestack defaults to avoid duplication.

Atomic Upgrades: All Helm operations now use --atomic. Failed deployments will automatically roll back rather than leaving the namespace in a corrupted state.

Environment Paths: Standardized base paths to (opt)/genestack and overrides to (etc)/genestack.

Checklist for Reviewers

[x] Verify common-functions.sh is sourced correctly in all modified scripts.

[x] Ensure --rotate-secret flag correctly triggers re-generation in get_or_create_secret.

[x] Confirm that parallel execution in setup-openstack.sh properly traps exit codes (non-zero exits should stop the master script).

[x] Validate that OVN connection strings are dynamically resolved in install-neutron.sh.

@rackerchris rackerchris marked this pull request as draft December 28, 2025 01:53
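
The get-or-create and pre-seeding behaviour described above can be sketched as follows. This is an added example, not code from this PR or from Genestack: a directory of 0600 files stands in for Kubernetes Secrets, and `SECRET_DIR`, `gen_secret` and `race_check` are hypothetical names; only the `get_or_create_secret` name and the `--rotate-secret` flag come from the description.

```bash
#!/usr/bin/env bash
# Added sketch, not Genestack code: 0600 files in SECRET_DIR stand in for
# Kubernetes Secrets. SECRET_DIR, gen_secret and race_check are hypothetical.
SECRET_DIR="${SECRET_DIR:-$(mktemp -d)}"

gen_secret() {  # N bytes from the kernel CSPRNG, hex-encoded, newline-terminated
  head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
  echo
}

# get_or_create_secret NAME [--rotate-secret]
# Prints the stored value; generates one only if absent or rotation is requested.
get_or_create_secret() {
  local name="$1" rotate="${2:-}" path tmp
  case "$name" in   # refuse empty names and anything that could escape SECRET_DIR
    ''|*[!a-z0-9-]*) echo "invalid secret name: $name" >&2; return 2 ;;
  esac
  path="$SECRET_DIR/$name"
  (
    umask 077
    tmp="$(mktemp "$SECRET_DIR/.tmp.XXXXXX")" || exit 1
    gen_secret 32 > "$tmp"            # fully written before it becomes visible
    if [ "$rotate" = "--rotate-secret" ]; then
      mv -f "$tmp" "$path"            # atomic replace of the old value
    else
      # ln fails if $path already exists, so one concurrent creator wins
      ln "$tmp" "$path" 2>/dev/null || true
      rm -f "$tmp"
    fi
  ) || return 1
  cat "$path"
}

# Five concurrent callers asking for the same secret must agree on one value.
# Prints the number of distinct values observed.
race_check() {
  local name="$1" i out
  out="$(mktemp -d)"
  for i in 1 2 3 4 5; do
    get_or_create_secret "$name" > "$out/$i" &
  done
  wait
  cat "$out"/* | sort -u | wc -l | tr -d ' '
  rm -rf "$out"
}
```

Creating the value in a temporary file and publishing it with a hard link means a losing concurrent caller reads the winner's complete value instead of overwriting it, which is the failure the pre-seeding phase is meant to avoid.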