feat: kata container feature to enable kata integration

[TheRayquaza]

What does this PR do?

Adds a KataContainers feature to the Datadog Operator. When enabled, mounts /run/vc/sbs and /run/kata host paths into the core Agent container so the Agent can monitor Kata-containerized workloads.

Motivation

Kata Containers use a dedicated runtime that keeps container metadata outside the standard container paths. Without these mounts the Agent can't inspect Kata workload activity on the node.

Additional Notes

• New DatadogAgentSpec.Features.KataContainers.Enabled field (API + generated CRD manifests updated).
• No cluster agent or CCR changes needed - node agent only.
• Volumes are read-only.

Minimum Agent Versions

7.79 - DataDog/datadog-agent#47816

Describe your test plan

• Enable features.kataContainers.enabled: true on a DatadogAgent CR.
• Verify Agent pods have /host/run/vc/sbs and /host/run/kata volume mounts.
• Disable flag and verify mounts are absent.
• Unit test: go test ./internal/controller/datadogagent/feature/katacontainers/...

[codecov-commenter]

Codecov Report

❌ Patch coverage is 56.41026% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 40.97%. Comparing base (6e2c0c9) to head (26b6285).
⚠️ Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
...ler/datadogagent/feature/katacontainers/feature.go	68.75%	9 Missing and 1 partial ⚠️
pkg/testutils/builder.go	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2917      +/-   ##
==========================================
+ Coverage   40.08%   40.97%   +0.88%     
==========================================
  Files         320      322       +2     
  Lines       28075    28952     +877     
==========================================
+ Hits        11254    11863     +609     
- Misses      16012    16252     +240     
- Partials      809      837      +28     

Flag	Coverage Δ
unittests	40.97% <56.41%> (+0.88%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
internal/controller/datadogagent/controller.go	92.85% <ø> (ø)
...rnal/controller/datadogagentinternal/controller.go	0.00% <ø> (ø)
pkg/testutils/builder.go	0.00% <0.00%> (ø)
...ler/datadogagent/feature/katacontainers/feature.go	68.75% <68.75%> (ø)

... and 15 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6e2c0c9...26b6285. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[datadog-datadog-prod-us1-2]

✨ Fix all issues with BitsAI

🛑 Gate Violations

🎯 1 Code Coverage issue detected

A Patch coverage percentage gate may be blocking this PR.

• Patch coverage: 59.26% (threshold: 80.00%)

ℹ️ Info

🎯 Code Coverage (details)
• Patch Coverage: 59.26%
• Overall Coverage: 41.06% (+0.92%)

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 26b6285 | Docs | Datadog PR Page | Give us feedback!}