docs: add Gateway API guide and remove deprecated NGINX ingress docs

[vivekr-splunk]

Summary

This draft PR introduces Gateway API documentation for Splunk Operator and removes deprecated NGINX ingress guidance.

What changed

1. Added a new guide: docs/GatewayAPI.md
   • First-time-reader friendly structure (problem statement, prerequisites, phased implementation, validation, troubleshooting)
   • Practical guidance for both HEC (8088) and S2S (9997)
   • Cross-namespace routing behavior with allowedRoutes and ReferenceGrant
   • AKS validation baseline section with observed outcomes
2. Added Gateway API diagrams and sources:
   • docs/pictures/gateway-api/src/*.puml
   • docs/pictures/gateway-api/png/*.png
3. Updated docs/Ingress.md
   • Added link to Gateway API guide
   • Removed deprecated NGINX sections and NGINX-specific Let's Encrypt example
   • Kept Istio and generic ingress guidance

Why

Gateway API is now the recommended Kubernetes-native model for service exposure, and customers requested explicit HEC/S2S guidance for external forwarding tiers. The previous NGINX sections are deprecated and can cause confusion.

Validation performed on AKS

Cluster: vivek-splunk-sok

1. Gateway API controller healthy (GatewayClass eg, Envoy Gateway deployments/services ready)
2. Splunk C3 resources ready (cm, idxc, shc all Ready)
3. HEC over Gateway API validated:
   • curl https://<GW_IP>:8088/services/collector/health -> HEC is healthy
   • curl https://<GW_IP>:8088/services/collector/event -> {"text":"Success","code":0}
4. S2S transport over Gateway API validated:
   • nc -vz <GW_IP> 9997 successful
5. Cross-namespace policy behavior validated:
   • Without ReferenceGrant: ResolvedRefs=False, RefNotPermitted
   • With ReferenceGrant: ResolvedRefs=True
   • Multiple TCPRoute on same listener (Envoy Gateway): Accepted=False, UnsupportedValue

Notes

1. This PR is documentation-only. No runtime code paths were changed.
2. Temporary validation resources were cleaned up after test execution.