feat(reporthandling): add Helm provenance fields to Source #168

Merged: matthyx merged 1 commit into kubescape:main from yugal07:source-helm-provenece on May 11, 2026

@yugal07 yugal07 commented May 9, 2026

Adds three optional fields to reporthandling.Source so downstream consumers can trace a rendered Helm resource
back to its chart template and values.yaml keys: HelmTemplateFile (chart-relative template path, e.g.
templates/deployment.yaml), HelmValuesPaths (the dotted .Values.* keys statically traced from the rendered
resource, e.g. ["image.tag","replicaCount"]), and HelmTemplateLine (1-based line in the source template, 0 when
unknown). All three are omitempty and purely additive - existing producers and JSON consumers are unaffected.

Why kubescape needs this: issue kubescape/kubescape#1772 - kubescape fix currently can't produce correct fixes
for Helm charts because Helm's render step drops all backward links from output YAML to the input template +
values key. Earlier attempts (#1215, #1551, #1620, #1628) tried to recover line mapping post-hoc via yqlib and
were unreliable enough that the mapping code was removed in #1995; today Helm-sourced findings either get skipped
or get yq patches applied at rendered-output line numbers against template files, which don't land where users
expect. The follow-up kubescape PR adds a helmprovenance package that walks each chart's templates (resolving
_helpers.tpl includes with a cycle guard) and statically extracts the .Values.* references - both .Values.foo.bar
and (index .Values "foo" "bar") forms - feeding them into these new Source fields during
LoadResourcesFromHelmCharts. The fix handler then routes Helm-sourced resources away from the yq pipeline and
prints actionable guidance pointing users at the specific values.yaml keys to edit, instead of silently skipping
them or corrupting templates. Keeping the schema change here, isolated and additive, lets the kubescape side land
cleanly once an opa-utils tag is cut.

Summary by CodeRabbit

  • New Features
    • Added new optional provenance fields to capture detailed Helm template metadata, including template file paths, statically traced configuration value references, and precise source line numbers. These enhancements provide improved debugging capabilities and better traceability for understanding the origin and composition of template-based deployments and configurations.
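
Added example, not part of the PR or the kubescape code base: one regex-based way to collect the two `.Values` reference forms the description names and serialize them into the three fields. The `helmSource` type, its JSON key names, `ExtractValuesPaths`, `Describe` and the sample template are assumptions made for illustration, and `_helpers.tpl` includes are not resolved here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// helmSource: hypothetical stand-in for the new Source fields; JSON keys are assumed.
type helmSource struct {
	HelmTemplateFile string   `json:"helmTemplateFile,omitempty"`
	HelmValuesPaths  []string `json:"helmValuesPaths,omitempty"`
	HelmTemplateLine int      `json:"helmTemplateLine,omitempty"` // 0 = unknown
}

// Constructed sample template using both reference forms.
const sampleTpl = `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
replicas: {{ .Values.replicaCount }}
host: {{ index .Values "ingress" "host" }}`

var dotted = regexp.MustCompile(`\.Values((?:\.[A-Za-z_]\w*)+)`)
var indexed = regexp.MustCompile(`index\s+\.Values((?:\s+"[^"\s]+")+)`)

// ExtractValuesPaths returns the sorted, de-duplicated dotted keys a template references.
func ExtractValuesPaths(tpl string) []string {
	seen := map[string]bool{}
	for _, m := range dotted.FindAllStringSubmatch(tpl, -1) {
		seen[strings.TrimPrefix(m[1], ".")] = true // ".image.tag" -> "image.tag"
	}
	for _, m := range indexed.FindAllStringSubmatch(tpl, -1) {
		keys := strings.Fields(strings.ReplaceAll(m[1], `"`, ""))
		seen[strings.Join(keys, ".")] = true // "ingress" "host" -> "ingress.host"
	}
	paths := make([]string, 0, len(seen))
	for p := range seen {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	return paths
}

// Describe returns the JSON form of the provenance record; the unknown line (0) is omitted.
func Describe(file, tpl string) string {
	b, _ := json.Marshal(helmSource{HelmTemplateFile: file, HelmValuesPaths: ExtractValuesPaths(tpl)})
	return string(b)
}
func main() { fmt.Println(Describe("templates/deployment.yaml", sampleTpl)) }
```

Because every field is `omitempty`, a record for a non-Helm resource marshals to `{}`, which is what keeps the change additive for existing JSON consumers.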

Signed-off-by: yugal07 <yashsadhwani544@gmail.com>
coderabbitai Bot commented May 9, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 80607ca and abbb63c.

📒 Files selected for processing (1)
  • reporthandling/datastructuresv1.go

Walkthrough

This PR extends the Source struct in the reporthandling package with three new optional fields to capture Helm template provenance: the template file path, dotted paths of referenced .Values.* keys, and the source line number within the template. All fields use JSON serialization with omitempty tags.

Changes

Helm Provenance Data Contract

| Layer / File(s) | Summary |
| --- | --- |
| Helm Provenance Fields: reporthandling/datastructuresv1.go | Source struct gains HelmTemplateFile (string), HelmValuesPaths ([]string), and HelmTemplateLine (int) fields with JSON omitempty tags for optional serialization. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Three fields hop into Source so neat,
Template paths and values they greet,
Helm provenance tracked with care,
JSON tags float through the air! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely describes the main change: adding three Helm provenance fields to the Source struct in reporthandling. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


yugal07 commented May 11, 2026

@matthyx Once this lands, raising the kubescape side PR. Let me know if any changes are needed. Thanks

@matthyx matthyx left a comment

No blocker-level issues from my side. The change is additive and looks safe as proposed.

@matthyx matthyx merged commit be0b5a6 into kubescape:main May 11, 2026
7 checks passed
@matthyx matthyx moved this to To Archive in KS PRs tracking May 11, 2026