fix(nzbget): render newshosting creds via init container

nzbget does not expand OS env vars in nzbget.conf (its ${...} only
references other nzbget options), so the previous secretKeyRef-as-env
approach left the literal ${NEWSHOSTING_USER} in the config and auth
failed with 400 DENIED.

Add initContainers support to the chart and an init step that seds the
Server1 (newshosting) block into nzbget.conf on every start: non-secret
settings in git, username/password from the usenet-creds Secret. Rotating
the secret + restarting re-renders the creds; no password lands in git.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

custom_helm_charts/nzbget/templates/deployment.yaml

@@ -21,6 +21,10 @@ spec:
     spec:
       volumes:
 {{ toYaml .Values.volumes | indent 6 }}
+    {{- with .Values.initContainers }}
+      initContainers:
+{{ toYaml . | indent 8 }}
+    {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"