fix: health-check external-secrets addon via HelmRelease only

The external-secrets Kustomization was still using wait=true, which makes Flux
hold the addon in a failed state when the HelmRepository has transient fetch
errors even though the HelmRelease and runtime controller deployments are
healthy. Switch it to an explicit HelmRelease health check like the other
helm-backed addons.

infrastructure/addons/kustomization-external-secrets.yaml

@@ -10,6 +10,11 @@ spec:
     kind: GitRepository
     name: platform
   path: ./infrastructure/addons/external-secrets
-  wait: true
+  wait: false
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2
+      kind: HelmRelease
+      name: external-secrets
+      namespace: flux-system
   timeout: 5m
   suspend: false