`shouldFleetEnroll` always triggers re-enrollment due to Fleet URL scheme mismatch with stored host

[blakerouse]

When running Elastic Agent in a container managed by ECK as a DaemonSet, the agent re-enrolls on every pod restart despite valid enrollment state (fleet.enc) being persisted via a hostPath volume. This results in duplicate agent entries in Fleet.

The root cause is a string comparison mismatch in shouldFleetEnroll in container.go.

storedFleetHosts := storedConfig.Fleet.Client.GetHosts()
if len(storedFleetHosts) == 0 || !slices.Contains(storedFleetHosts, setupCfg.Fleet.URL) {
    // The Fleet URL in the setup does not exist in the stored configuration, so enrollment is required.
    return true, nil
}

setupCfg.Fleet.URL is populated directly from the FLEET_URL environment variable, which includes the scheme.

storedConfig.Fleet.Client.GetHosts returns values from the stored remote.Config struct, which stores the protocol separately in a Protocol field and the host as just host:port.

For confirmed bugs, please report:

• Version: All
• Operating System: Containers
• Steps to Reproduce:

1. Deploy ECK 3.3.1 with Elasticsearch, Kibana, and Fleet Server on a Kubernetes cluster
2. Deploy an Elastic Agent as a DaemonSet using the ECK Agent CRD with mode: fleet and fleetServerEnabled: false
3. The ECK operator injects FLEET_ENROLL=true, FLEET_URL=https://..., and FLEET_ENROLLMENT_TOKEN into the pod spec, and mounts agent state at /usr/share/elastic-agent/state via a hostPath volume
4. Wait for the agent to enroll and become healthy
5. Delete a DaemonSet pod kubectl delete pod <agent-pod>
6. The DaemonSet controller creates a replacement pod on the same node
7. Observe the replacement pod's logs: Starting enrollment to URL: https://fleet-server-agent-http.default.svc:8220/.

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)