Is your feature request related to a problem? Please describe.
In order to truly feel the value of functional layers it would be really helpful and allow for a lot more flexibility if each functional layer had less of a dependence on each other (excluding base).
Specifically I would really like to be able to deploy runtime-security and monitoring without needing to deploy identity-authorization. Having the ability to create a user vs use SSO could be really helpful in smaller environments that aren't exposing these UIs externally.
To make this work I believe the following work would have to be done:
- Template out the package templates for neuvector and grafana
- Replace the `wait` actions in the neuvector and grafana zarf.yamls with something like this:
  ```yaml
  - cmd: if [ "$sso_enabled" != "true" ]; then kubectl wait --for=condition=Ready --namespace=grafana packages.uds.dev/grafana --timeout=300s; fi
  ```
For grafana in particular there is more complexity here due to the secret mount and auth configuration which would also need to be removed/nulled out to make this work. With the current state of zarf/uds-cli there's no obvious path for dynamically configuring these spots all together. We also don't currently have any knowledge of the rest of the bundle/state (outside of our operator which tracks certain components like SSO).
In the short term we could allow this configuration by adding a toggle for SSO that controls the Package CR contents, but the end user would be responsible for other overrides to ensure the applications (Grafana/NeuVector) don't expect SSO configuration and allow local auth. I think we would probably still encourage/recommend SSO on these applications even if they aren't regularly accessed, but this might be part of a larger story around identity coming from elsewhere (i.e. your apps are connected to a different Keycloak or other identity provider not in the same cluster).