Description
In ARO, we provide an installer override image which is used to run the ARO installer to install a given OCP release.

We currently are tagging the images consistent per minor version, e.g. installer:release-4.x. Because of Microsoft vulnerability scanning, we need to ensure that the image being pulled is the latest. So when we need to patch our installer image for vulnerabilities, we can be assured that the latest image is being pulled.

This appears to already be a well-established pattern in hive. https://github.com/openshift/hive/pull/1365/files shows an example of a similar occurrance it was used for.

The ARO SRE team is more than happy to contribute toward the code changes needed to make this happen.

Acceptance Criteria

1. Have an environment variable that is able to be set on the hive deployment which overrides the ImagePullPolicy for the installer image spawned during cluster provisioning.

Slack thread: https://redhat-internal.slack.com/archives/CE3ETN3J8/p1682524817374499