Mercure 0.23.5: Helm chart hardening

This article details the Mercure v0.23.5 release, which emphasizes Helm chart hardening for Kubernetes deployments. Key updates include opt-in NetworkPolicy and CiliumNetworkPolicy templates for default-deny per-tenant security, readOnlyRootFilesystem support with emptyDir mounts for /config and /tmp, and a rootless values.yaml snippet for running hubs without root privileges. The release also includes a Go library fix for bolt.NewBoltTransport to handle empty /data directories. These improvements address common production Kubernetes security findings like root containers, missing NetworkPolicy, and PodSecurity hardening, making it easier to deploy Mercure securely in multi-tenant or HA clusters.