fix: add ClusterName for Kubernetes API calls in secret resolvers

[jhrv]

Problem

The previous fix (PR #312) incorrectly removed ClusterName() from ALL operations. This caused Environment "prod-gcp" does not exist errors when trying to read secret values.

Root cause

There are two different systems with different naming conventions:

• Watcher cache: Uses environment names (prod-gcp)
• Kubernetes API: Uses cluster names (prod)

Fix

Add ClusterName() back for Kubernetes API calls:

• All mutations (Create, Add, Update, Remove, Delete) - use SystemAuthenticatedClient
• GetSecretValues - uses impersonated Client

Watcher lookups (Get, ListForWorkload) correctly use environment names (from PR #312).