Add first-class support for external destination clusters in ArgoCD with strict error handling

[Copilot]

This PR implements automatic external destination cluster support for Nyl when used as an ArgoCD plugin, enabling lookup() functions to work seamlessly against clusters different from the ArgoCD cluster itself.

Problem

Previously, Nyl's lookup() function only worked against the local ArgoCD cluster because it used in-cluster configuration. When an ArgoCD Application's destination cluster was different from the ArgoCD cluster, lookups would fail:

# This would fail lookups before this PR
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
  destination:
    server: https://external-prod-cluster.example.com  # Different from ArgoCD cluster
    namespace: production
  source:
    plugin:
      name: nyl-v1

Solution

Added transparent external cluster detection and credential resolution with strict error handling:

1. ArgoCD Environment Detection: Automatically detects ArgoCD context via environment variables (ARGOCD_APP_NAME, etc.)
2. Application Resource Lookup: Fetches the ArgoCD Application resource to determine destination cluster
3. Cluster Credential Resolution: Looks up destination cluster credentials from ArgoCD's cluster secrets
4. Destination Client Creation: Creates a Kubernetes API client for the destination cluster
5. Strict Error Handling: Fails fast with clear error messages when destination cluster is unavailable instead of silently falling back to wrong cluster
6. Transparent Integration: All lookup() calls automatically use the destination cluster

Key Features

• Zero Configuration: Works automatically with existing ArgoCD Applications
• Backwards Compatible: Non-ArgoCD usage and same-cluster deployments continue unchanged
• Strict Error Handling: Errors immediately when destination cluster cannot be reached, preventing incorrect deployments
• Secure: Leverages ArgoCD's existing cluster credential management
• Transparent: No changes needed to existing manifests or lookup calls

Error Behavior

When running in ArgoCD context with an external destination cluster, if the destination cluster credentials cannot be resolved or the client cannot be created, Nyl will now raise a RuntimeError with a clear message instead of silently falling back to the ArgoCD cluster. This prevents potentially dangerous situations where deployments might target the wrong cluster.

Files Changed

• src/nyl/tools/argocd.py - New ArgoCD integration utilities
• src/nyl/commands/template.py - Modified to use destination cluster client with strict error handling
• src/nyl/tools/argocd_test.py - Comprehensive test suite covering all scenarios
• docs/content/reference/cluster-connectivity.md - Updated documentation

Fixes #27.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[NiklasRosenstein]

@copilot I think we should error here instead of falling back.

[Copilot]

Changed to error instead of fallback. Now raises a RuntimeError with a clear message when destination cluster client creation fails, ensuring we fail fast instead of silently using the wrong cluster. Commit: 417eb70