Support external Kafka brokers with SASL/TLS authentication

Scope:

• Add SASL authentication config (kafka.sasl.mechanism, kafka.sasl.existingSecret)

• Add TLS config for Kafka (kafka.tls.enabled, kafka.tls.caCert)

• Update install-helm-chart.sh to skip Strimzi operator + Kafka cluster deployment when external broker is configured

• Document required Kafka topic pre-creation (platform.upload.announce, hccm.ros.events, rosocp.kruize.recommendations)

• Ensure both ROS and Koku Kafka configurations are unified (currently kafka. and costManagement.kafka. are separate)

Estimate: Medium (partial support exists; mainly auth/TLS and script changes)