docs: add runbooks and Kubernetes Helm Chart

Add 6 runbook documents:
- 服务启动 (Service Startup)
- 服务停止 (Service Shutdown)
- 配置更新 (Configuration Update)
- 日志分析 (Log Analysis)
- 备份恢复 (Backup & Recovery)
- 安全事件 (Security Incident)

Add Kubernetes Helm Chart:
- Chart.yaml, values.yaml
- Deployment with health checks
- Ingress with TLS support
- PVC for data persistence
- PDB for high availability
- HPA for autoscaling
- ServiceAccount configuration

Add cron-backup.conf for automated backup scheduling.

kubernetes/user-management/templates/ingress.yaml

@@ -0,0 +1,46 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "user-management.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (eq .Values.ingress.className "nginx")) }}
+{{- panic "ERROR: ingress.className must be 'nginx' for this chart compatibility" }}
+{{- end }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "user-management.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+spec:
+  {{- if .Values.ingress.tls }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType | default "Prefix" }}
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+{{- end }}