guyg-palo
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

This change addresses an issue where the Helm parser was too aggressive in its detection of Helm templates, causing it to incorrectly identify and skip valid, rendered Kubernetes manifests that contained other templating languages (like HashiCorp Vault) in their annotations.

Motivation and Context

When scanning a Helm chart, checkov first renders the chart using helm template and then scans the resulting Kubernetes YAML. However, a regex-based check was in place to prevent the scanning of un-rendered Helm templates. This check was too broad and was incorrectly triggered by the syntax of other templating languages, such as the {{- with secret ... }} syntax used by HashiCorp Vault in annotations.

This resulted in checkov producing empty results for Helm charts that used these other templating languages, as it would incorrectly identify the rendered YAML as an un-rendered template and skip it.

Description of the Change

This PR modifies the helm_template_patterns in checkov/kubernetes/parser/k8_yaml.py to be more specific to Helm templates. It removes the generic checks for if, end, and with statements, and relies only on the presence of .Release. and .Values. to identify un-rendered Helm templates.

This change ensures that checkov can correctly scan rendered Helm charts that include other templating languages in their annotations, without affecting its ability to handle standard Helm charts.

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
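Added example (not code from the PR or from checkov itself): a constructed approximation of the two detection heuristics the description contrasts, run over a constructed rendered manifest that carries Vault Agent annotations and over a constructed un-rendered Helm template. The pattern lists here are illustrative stand-ins for checkov's `helm_template_patterns`, not the project's actual regexes.

```python
import re

# Illustrative stand-ins for the "before" (generic if/end/with checks plus
# .Release./.Values.) and "after" (only .Release./.Values.) heuristics described
# in the PR. Assumed patterns, not checkov's own helm_template_patterns.
BROAD_PATTERNS = [
    re.compile(r"\{\{-?\s*if\b"),
    re.compile(r"\{\{-?\s*end\b"),
    re.compile(r"\{\{-?\s*with\b"),
    re.compile(r"\.Release\."),
    re.compile(r"\.Values\."),
]
NARROW_PATTERNS = [
    re.compile(r"\.Release\."),
    re.compile(r"\.Values\."),
]


def is_unrendered_helm(text: str, patterns) -> bool:
    """True if any pattern matches, i.e. the parser would treat the document
    as an un-rendered template and skip scanning it."""
    return any(p.search(text) for p in patterns)


# Constructed sample: what `helm template` emits for a chart whose Pod carries
# Vault Agent injector annotations. The {{ ... }} inside the annotation is
# Vault's template syntax; the manifest itself is fully rendered Kubernetes YAML.
RENDERED_WITH_VAULT = """\
apiVersion: v1
kind: Pod
metadata:
  name: app-web
  annotations:
    vault.hashicorp.com/agent-inject: "true"
    vault.hashicorp.com/agent-inject-template-db: |
      {{- with secret "database/creds/app" -}}
      postgres://{{ .Data.username }}:{{ .Data.password }}@db:5432/app
      {{- end }}
spec:
  containers:
    - name: web
      image: example/web:1.0
"""

# Constructed sample: an un-rendered Helm template, which both heuristics
# should still flag so the raw template is not scanned as a manifest.
UNRENDERED_HELM = """\
apiVersion: v1
kind: Pod
metadata:
  name: {{ .Release.Name }}-web
spec:
  containers:
    - name: web
      image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
"""

# Constructed sample showing the trade-off of the narrower heuristic: a template
# that references only .Chart. (neither .Release. nor .Values.) is not flagged.
UNRENDERED_CHART_ONLY = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Chart.Name }}-config
data:
  version: {{ .Chart.Version }}
"""


def compare(text: str) -> dict:
    """Report how each heuristic classifies one YAML document."""
    return {
        "broad_skips": is_unrendered_helm(text, BROAD_PATTERNS),
        "narrow_skips": is_unrendered_helm(text, NARROW_PATTERNS),
    }


if __name__ == "__main__":
    samples = [
        ("rendered manifest with Vault annotation", RENDERED_WITH_VAULT),
        ("un-rendered Helm template", UNRENDERED_HELM),
        ("un-rendered template using only .Chart.", UNRENDERED_CHART_ONLY),
    ]
    for label, doc in samples:
        print(f"{label}: {compare(doc)}")
```

With these illustrative patterns, the broad list skips the rendered manifest because `{{- with` and `{{- end }}` match, so the Pod is never scanned; the narrow list scans it and still skips the `.Release.`/`.Values.` template. The third sample shows the cost of any regex heuristic of this shape: a template that uses only other Helm objects such as `.Chart.` passes the narrow check, so a scanner relying on it should also ensure templates are rendered before scanning rather than depending on detection alone.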

@lirshindalman lirshindalman merged commit fb0e83b into main Sep 8, 2025
46 checks passed
@lirshindalman lirshindalman deleted the fix/helm-parser-regex branch September 8, 2025 06:27