feat(nameref): follow name references inside embedded YAML/JSON

[isumitsolanki]

Fixes

Closes #6101

---

Summary

[One line: what changed and which subsystem.]

Example: Implements structured-data traversal for nameReference so names inside YAML/JSON embedded in scalar fields (e.g. ConfigMap.data) can be updated, aligned with structured replacements behavior.

---

Related issue

• Issue: Support structured-data traversal in nameReference transformer #6101
• [Optional: related PRs / release note link]

---

Problem

[What was broken or missing; user-visible symptom.]

For #6101:

• nameReference only updated normal manifest fields from fieldSpecs.
• It did not traverse JSON/YAML inside scalar strings (ConfigMap.data, Secret.stringData, annotations, etc.).
• Generated names (e.g. secretGenerator hash suffixes) did not propagate into nested config such as auth.secretName inside data["config.yaml"].

---

Root cause

[Why the old code could not satisfy the issue.]

For #6101: The nameref filter stopped at the leaf scalar that contained the whole embedded document as one string; there was no parse → navigate → update → serialize path for that content.

---

Solution

[Bullets: syntax, main code paths, compatibility.]

For #6101:

Item	Detail
Path syntax	manifest/path//inner.dot.path — manifest segment uses /; inner segment uses . with SmarterPathSplitter escaping (same idea as structured replacements).
Behavior	Parse scalar → PathMatcher on inner path → existing nameref set / map / sequence logic → serialize back.
Refactor	api/internal/structuredscalar for serialization; replacements calls into it.
roleRef	Uses manifest-only prefix when path contains //.
Compatibility	Paths without // unchanged.

---

Impact

Area	Notes
Users	Can propagate renames and generator hashes into embedded app config without per-key replacements.
Risk	Low; opt-in via // in path.
Caveats	Minor YAML style drift on round-trip (e.g. | vs |-), similar to structured replacements.

---

How to verify

cd api

go test ./filters/nameref/... -run 'TestNamerefFilter/structured' -count=1 -v
go test ./krusty/... -run TestIssue6101StructuredNameReference -count=1 -v
go test ./filters/replacement/... ./internal/accumulator/... -count=1

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: isumitsolanki
Once this PR has been reviewed and has the lgtm label, please assign koba1t for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @isumitsolanki. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.