Add object locking and retention support to Bucket CRD

[mr-083]

Summary

• Add objectLocking (bool, immutable) and retention (mode + days) fields to BucketSpec
• CreateBucket passes ObjectLocking: true to minio.MakeBucketOptions when enabled
• SetBucketRetention sets default governance/compliance retention after bucket creation
• CRDs regenerated with kubebuilder validation (enum, minimum, immutability)
• All existing tests updated and passing

Example

apiVersion: s3.onyxia.sh/v1alpha1
kind: Bucket
metadata:
  name: backup-immutable
spec:
  name: backup-immutable
  quota:
    default: 5Gi
  objectLocking: true
  retention:
    mode: governance
    days: 90
  s3InstanceRef: s3-operator/default

Test plan

• go build ./... passes
• go test ./internal/controller/bucket/ -v passes
• Tested on live AIStor cluster: bucket created with object locking + 90-day governance retention via CRD
• mc retention info confirms GOVERNANCE configured for 90DAYS