Start using `hostUsers` where possible

[jcpunk]

Is your feature request related to a problem? Please describe.
Kubernetes 1.33+ offers user namespaces which further isolates users from the system and other pods on the same host.

Describe the solution you'd like
I'd like grafana to start with an "opt-in" flag where folks could start deploying with hostUsers: false via helm. Eventually it would be nice to shift this to an "opt-out" flag once kubernetes 1.32 is no longer on the support matrix for grafana.

Note this will probably need fsGroup and fsGroupChangePolicy to ensure any physical volumes are writable as expected.

Note: hostUsers: false doesn't work with kind.

Additional context
https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/