Add pre-install/pre-upgrade migration Job (replace app-startup migration)

[dhilgaertner]

Context

The chart currently relies on the app self-migrating the database on boot. That works but leaves schema state implicit during rollouts — a failing migration can leave pods crash-looping without a clean rollback signal.

Corveil already has a migrator (go/internal/db/migrate.go). The Go cmd needs a corveil migrate subcommand (add if missing — coordinate with the product repo). The chart then runs it as a Helm Job with pre-install,pre-upgrade hooks so rollouts block on successful schema state.

Goal

A templates/job-migrate.yaml that runs schema migrations before the Deployment rolls out and fails the Helm install/upgrade if migrations error.

Work items

• New templates/job-migrate.yaml:
  • annotations: helm.sh/hook: pre-install,pre-upgrade; helm.sh/hook-weight: "-5"; helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded.
  • Same image / env / secrets as the Deployment.
  • command: ["corveil", "migrate"].
  • restartPolicy: Never, backoffLimit: 1.
• Keep the existing wait-for-db init container on the Deployment (the Job also needs it).
• Document the pattern in README.md under "Upgrading".

Acceptance

• helm upgrade --install with a new migration in the image runs the Job, completes, then rolls the Deployment.
• helm upgrade --install with a deliberately-broken migration fails the upgrade cleanly (no partial rollout).

Dependencies

• Needs a corveil migrate subcommand in the binary. Follow-up in the product repo.

Key files

• templates/job-migrate.yaml (new)
• README.md (upgrading docs)