Problem:

When processing install-config.yaml, Hive's pasteInInstallConfigSecrets function uses yaml.Unmarshal + yaml.Marshal to inject credentials, which silently filters out unknown fields (e.g., typos like baain instead of baseDomain, newer config fields, or any undefined fields). 

Impact/Context:

Installer PR #10287 added strict validation to warn users about configuration errors. However, these warnings are never shown when deploying through Hive because unknown fields are filtered out before reaching the installer.

What happens:

By the time install-config.yaml reaches the installer binary, the unknown field baain has already been removed. The installer only receives:  baseDomain: <empty>

• Does NOT trigger UnmarshalStrict's unknown field error
• Does NOT show any WARNING about the typo
• Only shows baseDomain validation error: `file: baseDomain: Invalid value: \"\": a lowercase RFC 112xxxx`