feat(deployment): allow "subdomain separator" to be customised

[theosanderson]

The "logical" way our authentication, backend etc. hosts should be specified is that we should have a main domain (or subdomain) e.g. pathoplexus.org for the website, and the backend should be backend.pathoplexus.org. This can also theoretically work with subdomains, with backend.pathoplexus.loculus.org. However we were running out of certificates with all our preview instances so we created a wildcard certificate for *.loculus.org. You cannot create a wildcard certificate with two wildcards (*.*.loculus.org) and so we have adopted a strategy where we instead use a pattern like authentication-pathoplexus.loculus.org for preview instances. However for the main pathoplexus instance we want to revert to authentication.pathoplexus.org so this PR adds a configurable value subdomainSeparator that can be set to - or . as we wish.

[corneliusroemer]

Thanks this is great!

How have you tested it? Checking the yaml that's rendered or also more?

Maybe we should a) make a preview deployment to see the previews still work and b) make a deployment that explicitly tests the . separator

Don't have any comments on the code. Feel free to merge, just curious about how you tested.

[theosanderson]

I tested it doesn't break the current set up by making a preview deployment (I'd done that already, to clarify, but hadn't included the URL). https://kc-rf.loculus.org/

Using the . separator will likely requires additional stuff on certificates. Certificates are not part of our built in deployment architecture.