Add Helm chart and GitLab CI pipeline

- Helm chart with PostgreSQL, MinIO, Redis as optional subcharts
- Production and external infrastructure value files
- HPA, Ingress, and health probe support
- GitLab CI pipeline using Buildah for container builds
- Multi-stage pipeline: test, build, publish

helm/orchard/values-external.yaml

@@ -0,0 +1,58 @@
+# Values for using external PostgreSQL and S3 storage
+# Use this when you have existing infrastructure
+
+replicaCount: 2
+
+image:
+  pullPolicy: Always
+
+# Disable subcharts - use external services
+postgresql:
+  enabled: false
+
+minio:
+  enabled: false
+
+redis:
+  enabled: false
+
+orchard:
+  database:
+    host: "your-postgres-host.example.com"
+    port: 5432
+    user: orchard
+    dbname: orchard
+    sslmode: require
+    # Option 1: Use existing secret
+    existingSecret: "my-postgres-secret"
+    existingSecretPasswordKey: "password"
+    # Option 2: Set password directly (not recommended)
+    # password: "your-password"
+
+  s3:
+    endpoint: "https://s3.amazonaws.com"
+    region: us-east-1
+    bucket: orchard-artifacts
+    usePathStyle: false
+    # Option 1: Use existing secret
+    existingSecret: "my-s3-secret"
+    existingSecretAccessKeyKey: "access-key-id"
+    existingSecretSecretKeyKey: "secret-access-key"
+    # Option 2: Set credentials directly (not recommended)
+    # accessKeyId: "your-access-key"
+    # secretAccessKey: "your-secret-key"
+
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+    - host: orchard.example.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: orchard-tls
+      hosts:
+        - orchard.example.com