fix: copy external files referenced by kustomize transformer 'path:' into temp dir

[yxxhero]

Problem

Kustomize transformers like PatchTransformer can reference external files via a top-level path: field (as opposed to inline patch:). Chartify was copying the transformer YAML to tempDir but not the files it referenced, causing kustomize to fail with security errors since the referenced files were outside its restricted root.

Fixes #90

Error before fix

Relative path:

Error: accumulation err=... must build at directory: '.../transformers/transformer.0.yaml': file is not directory

Absolute path:

Error: plugin PatchTransformer.builtin... fails configuration: failed to get the patch file from path(/.../nodeSelector.yaml): security; file is not in or below '/tmp/chartify...'

Solution

Added resolveTransformerFileRefs() in patch.go which:

1. Parses transformer YAML (handles single-doc, multi-doc, and list formats)
2. Scans for top-level path: fields that reference existing files
3. Copies referenced files into tempDir/transformer-patch-files/
4. Rewrites the path: to point to the in-root copy

Path resolution strategy

Kustomize resolves transformer path: relative to the kustomization root. The new resolveTransformerPath() helper tries:

1. CWD first (matching kustomize semantics — the user's CWD is the kustomization root equivalent)
2. Transformer file's directory as fallback (for colocated files)

Edge cases handled

• Directory paths are skipped (avoids crash on coincidental directory match)
• Non-file path: values (e.g. JSON paths in fieldSpecs) are left untouched
• Symlinks are followed via os.Stat
• Transformers without path: fields are returned unchanged (no re-encoding)

Test plan

• New integration test kube_manifest_transformer_with_path — verifies a PatchTransformer with path: patch.yaml correctly patches the target resource
• Existing kube_manifest_transformer_alpha_plugin test still passes
• Existing kube_manifest_with_patch test still passes
• go fmt, go vet, go build all pass