fix(slots): cleanup replication slots on replicas when features disabled

[mnencia]

When both replicationSlots.highAvailability.enabled and replicationSlots.synchronizeReplicas.enabled are disabled, the Replicator now performs cleanup by calling reconcile() before continuing the loop, ensuring user-defined replication slots are properly removed from replica pods.

This change also adds webhook validation to prevent users from removing
the synchronizeReplicas configuration section while it is still enabled.
This ensures that cleanup logic can properly execute before the
configuration is removed, preventing orphaned replication slots on
replicas.

Closes #9380

TODO

• document the known limitations: when excludedPatterns is modified the operator isn't able to compare the difference with the previous this my cause some lingering rep slots

[github-actions]

❗ By default, the pull request is configured to backport to all release branches.

• To stop backporting this pr, remove the label: backport-requested ◀️ or add the label 'do not backport'
• To stop backporting this pr to a certain release branch, remove the specific branch label: release-x.y

[mnencia]

/test

[github-actions]

@mnencia, here's the link to the E2E on CNPG workflow run: https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/20003199261

[armru]

/test limit=local

[github-actions]

@armru, here's the link to the E2E on CNPG workflow run: https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/20095657321

[Copilot]

Pull request overview

This PR fixes cleanup of user-defined replication slots on replica pods when replication slot features are disabled. It adds webhook validation to prevent configuration removal while features are enabled and ensures cleanup reconciliation runs before the replicator continues its loop.

Key Changes:

• Modified replication slot runner to execute cleanup reconciliation when features are disabled
• Added webhook validation preventing removal of synchronizeReplicas configuration while enabled
• Enhanced test coverage for new synchronizeReplicas validation rules

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
internal/management/controller/slots/runner/runner.go	Added cleanup reconciliation call when replication features are disabled to properly remove user-defined slots from replicas
internal/webhook/v1/cluster_webhook.go	Added validation to prevent removing synchronizeReplicas configuration section while the feature is enabled, ensuring cleanup can execute properly
internal/webhook/v1/cluster_webhook_test.go	Added comprehensive test cases for new synchronizeReplicas validation rules, including scenarios for removing configuration sections and disabling features

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[leonardoce]

After a chat with @armru we found that the improved webhook doesn't really check prevent the mistake from happening because it will run after the defaulting webhook, and the defaulting webhook will just set the cluster.spec.replicationSlots.highAvailability and cluster.spec.replicationSlots.synchronizeReplicas if they are not set.

The condition in https://github.com/cloudnative-pg/cloudnative-pg/pull/9381/files#diff-30bf0aa461c01460908ae409672d7d5be2a1d9065620671ea75ef81a5e9cec03R2311 won't ever be met because of that.

To cover this, we need to keep the old version of the cluster.spec.replicationSlots.highAvailability stanza in the cluster status to clean up only the replication slots that are managed by the operator. This will be addressed in a subsequent commit.