@xoxys xoxys commented Aug 15, 2025

Supersedes: #5390
Fixes: #5389

Original PR does not allow editing. Added the missing test case.

I have added a new Kubernetes backend option for configuring the [PodSecurityContext.fsGroupChangePolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podsecuritycontext-v1-core) field of created job pods.

The current implementation always allows setting this option to any value. No additional requirements were put in place as I don't see a security impact of specifying this.
If the container is run as root, it does not matter whether volume files are also owned by root since root always has access. The other way around, if the container is run as non-root, the worst that can happen is for the user running it to not have access to files that are placed inside the volume and owned by a different user.
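
Added example, not part of this PR or of Woodpecker's code: a sketch of how a backend could turn a user-supplied value into the pod-level `securityContext` fragment, accepting only the two values Kubernetes defines for this field (`OnRootMismatch`, `Always`) and leaving it unset otherwise so the Kubernetes default (`Always`) applies. The type, the function names and the sample GID are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirror of the two PodSecurityContext fields discussed above, using
// the Kubernetes API's JSON names. Hypothetical type, not Woodpecker's own.
type podSecurityContext struct {
	FSGroup             *int64  `json:"fsGroup,omitempty"`
	FSGroupChangePolicy *string `json:"fsGroupChangePolicy,omitempty"`
}

// buildPodSecurityContext (hypothetical helper) takes the raw option value.
// An empty policy means "not set". It returns the context, an optional
// warning for the operator, and an error for unknown values.
func buildPodSecurityContext(fsGroup *int64, policy string) (*podSecurityContext, string, error) {
	sc := &podSecurityContext{FSGroup: fsGroup}
	switch policy {
	case "":
		return sc, "", nil
	case "OnRootMismatch", "Always":
		sc.FSGroupChangePolicy = &policy
	default:
		return nil, "", fmt.Errorf("fsGroupChangePolicy %q: want OnRootMismatch or Always", policy)
	}
	warn := ""
	if fsGroup == nil {
		// Without fsGroup there is no group to apply, so the policy is inert.
		warn = "fsGroupChangePolicy set without fsGroup: no ownership change will happen"
	}
	return sc, warn, nil
}

// renderJSON returns the fragment as it would appear under spec.securityContext.
func renderJSON(sc *podSecurityContext) string {
	b, _ := json.Marshal(sc)
	return string(b)
}

func main() {
	gid := int64(1000) // constructed sample value
	sc, warn, err := buildPodSecurityContext(&gid, "OnRootMismatch")
	fmt.Println(renderJSON(sc), warn, err)
	_, _, err = buildPodSecurityContext(&gid, "onrootmismatch") // wrong case is rejected
	fmt.Println(err)
}
```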

@xoxys xoxys added enhancement improve existing features backend/kubernetes labels Aug 15, 2025
@xoxys xoxys changed the title Kubernetes fsgroupchangepolicy Add fsGroupChangePolicy option to Kubernetes backend Aug 15, 2025
@xoxys xoxys requested a review from a team August 15, 2025 07:35

woodpecker-bot commented Aug 15, 2025

Surge PR preview deployment was removed

codecov bot commented Aug 15, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 26.50%. Comparing base (92a1946) to head (513c086).
⚠️ Report is 157 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5416      +/-   ##
==========================================
+ Coverage   26.30%   26.50%   +0.20%     
==========================================
  Files         402      403       +1     
  Lines       28592    28817     +225     
==========================================
+ Hits         7520     7637     +117     
- Misses      20383    20485     +102     
- Partials      689      695       +6     

@qwerty287 qwerty287 merged commit dc7795e into main Aug 15, 2025
9 checks passed
@qwerty287 qwerty287 deleted the kubernetes-fsgroupchangepolicy branch August 15, 2025 08:28
@woodpecker-bot woodpecker-bot mentioned this pull request Aug 15, 2025

Successfully merging this pull request may close these issues.

Kubernets backend should allow configuring fsGroupChangePolicy