Separate CRD-dependent resources from operator installs

cert-manager and CloudNativePG operator installs must complete before
their custom resources (ClusterIssuer, CNPG Cluster) can be applied.

Split into separate kustomize dirs so the ApplicationSet creates
independent ArgoCD apps that can sync in order:
- platform-cert-manager → installs operator
- platform-cert-manager-config → creates ClusterIssuers (after CRDs exist)
- platform-cloudnativepg → installs operator
- platform-cloudnativepg-cluster → creates PG cluster (after CRDs exist)

infra/kubernetes/platform/cloudnativepg/cluster.yaml

@@ -1,45 +0,0 @@
-# Prerequisites: CloudNativePG operator must be installed first.
-# Install: helm install cnpg cloudnative-pg/cloudnative-pg --namespace cnpg-system --create-namespace
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: homelab-pg
-  namespace: platform
-spec:
-  instances: 2
-  primaryUpdateStrategy: unsupervised
-
-  storage:
-    storageClass: longhorn
-    size: 10Gi
-
-  postgresql:
-    parameters:
-      max_connections: "100"
-      shared_buffers: 256MB
-      effective_cache_size: 512MB
-      work_mem: 4MB
-
-  bootstrap:
-    initdb:
-      database: homelab
-      owner: homelab
-      secret:
-        name: homelab-pg-credentials
-
-  backup:
-    barmanObjectStore:
-      destinationPath: s3://homelab-pg-backups/
-      endpointURL: http://minio.platform.svc:9000
-      s3Credentials:
-        accessKeyId:
-          name: pg-backup-s3-credentials
-          key: ACCESS_KEY_ID
-        secretAccessKey:
-          name: pg-backup-s3-credentials
-          key: SECRET_ACCESS_KEY
-    retentionPolicy: "30d"
-
-  monitoring:
-    enablePodMonitor: true

infra/kubernetes/platform/cloudnativepg/kustomization.yaml

@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - application.yaml
-  - cluster.yaml