pihole: bump image to 2026.05.0 (dnsmasq CVE security release)

Pi-hole 2026.05.0 bundles FTL v6.6.2 which imports six upstream dnsmasq
security fixes, covering all publicly disclosed CVEs against the
dnsmasq 2.92/2.93 line. Per the upstream release notes the fixes are
"minimal, self-contained changes to the embedded dnsmasq sources. No
FTL-side configuration or API changes; users should see no observable
behavior change beyond the closed vulnerabilities."

Override the chart's default image.tag in helm/pihole/values.yaml (no
chart version bump). The pihole ArgoCD app is intentionally MANUAL
sync per Viktor's call -- after merge, sync the pihole app from the
ArgoCD UI to roll the pod over.

https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

helm/pihole/values.yaml

@@ -1,4 +1,11 @@
 ---
+# Image tag override: bumps pihole/pihole to 2026.05.0 without changing
+# the chart version. The 2026.05.0 release bundles FTL v6.6.2 which
+# imports 6 upstream dnsmasq CVE fixes (covering the dnsmasq 2.92/2.93
+# disclosures). No FTL-side config or API changes per the release notes.
+# https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0
+image:
+  tag: "2026.05.0"
 DNS1: "1.1.1.1"   # Cloudflare
 DNS2: "8.8.8.8"   # Google
 DNS3: "9.9.9.9"   #Quad9