Preserve v2 connection Secret ref across patch-and-transform pipeline steps

[fabioaraujopt]

Summary

When a v2 XR runs through multiple function-patch-and-transform pipeline steps, the auto-composed connection Secret reference can be unintentionally reset by a later step that omits input.writeConnectionSecretToRef.

For cluster-scoped XRs, this can clear the Secret namespace and cause reconcile failures (an empty namespace may not be set when a resource name is provided).

Repro

1. Use a v2, cluster-scoped XR (no XR namespace).
2. In step A, extract connection details and set input.writeConnectionSecretToRef via patches (including namespace).
3. In step B (later in pipeline), run function-patch-and-transform again, extract connection details, but omit input.writeConnectionSecretToRef.
4. Observe the desired composed connection Secret reference in step B loses namespace and falls back to defaults.

Current Behavior

• Each step composes a new connection Secret reference from scratch.
• If a later step has no writeConnectionSecretToRef, the ref can lose previously established non-empty values.

Expected Behavior

• If a desired connection Secret already exists from a previous step, reuse that ref as the base in subsequent steps.
• Allow explicit step input / patches to override fields intentionally.

Impact

• Multi-step pipelines can become order-sensitive in unexpected ways.
• Cluster-scoped XRs can enter persistent reconcile errors due to missing namespace in composed Secret refs.

Workaround

• Put writeConnectionSecretToRef in the last function-patch-and-transform step only.
• Or repeat writeConnectionSecretToRef in every function-patch-and-transform step.

Proposed Fix

Use the existing desired connection Secret reference as the base before composing the next step's connection Secret, then apply explicit input and patch overrides.