suppressStdinAnnotation has no effect — job.tpl checks limitStdinAnnotation instead #861

@bguenn2s

Description

The launcher.templateValues.pod.suppressStdinAnnotation value introduced in the chart has no effect because job.tpl checks for limitStdinAnnotation instead of suppressStdinAnnotation, causing the stdin pod annotation to always be written regardless of the configured value.

Expected behavior:
Setting suppressStdinAnnotation: true should suppress the stdin pod annotation which contains sensitive session data including TLS private keys, session cookies and signing keys.

Actual behavior:
The stdin annotation is always written to session pod metadata regardless of the suppressStdinAnnotation value, exposing sensitive data in kubectl describe, audit logs and monitoring tools like Grafana/Loki.

Environment:
Chart version: rstudio-workbench-0.11.1
App version: 2026.04.0
Kubernetes: OpenShift

Steps to reproduce:

  1. Set suppressStdinAnnotation: true in values.yaml
  2. Deploy/upgrade the chart
  3. Start a new Workbench session
  4. Inspect the session pod annotations
  5. The stdin annotation is still present despite suppressStdinAnnotation: true

Changes

Root cause:
In job.tpl the condition reads:

{{- if not $templateData.pod.limitStdinAnnotation }}
stdin: {{ toYaml .Job.stdin | indent 8 | trimPrefix (repeat 8 " ") }}
{{- end }}

Suggested fix:
Rename the field in the condition in job.tpl from limitStdinAnnotation to suppressStdinAnnotation.
This issue is related to the changes in #842.
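
A check for step 4 of the reproduction above, added here as an example and not part of the issue or the chart: it reads pod JSON as produced by `kubectl get pods -o json` and lists the pods that still carry the annotation, reporting only its size and never its value. The annotation key `stdin` is assumed from the job.tpl line quoted above, and the sample pod list is constructed.

```python
import json
import sys

# Annotation key assumed from the job.tpl line quoted in the issue.
STDIN_ANNOTATION = "stdin"

# Constructed sample in the shape of `kubectl get pods -o json` output.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "Pod",
         "metadata": {"namespace": "workbench", "name": "session-a",
                      "annotations": {"stdin": "constructed-placeholder"}}},
        {"kind": "Pod",
         "metadata": {"namespace": "workbench", "name": "session-b",
                      "annotations": None}},
    ],
})


def pods_with_stdin_annotation(pod_json, key=STDIN_ANNOTATION):
    """Return (namespace, name, size_in_bytes) for each pod carrying the annotation.

    Only the size of the annotation value is reported, so the check itself
    does not copy session secrets into terminals or CI logs.
    """
    doc = json.loads(pod_json)
    # `get pods` returns a list with "items"; `get pod NAME` returns one Pod.
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for pod in items:
        meta = pod.get("metadata") or {}
        annotations = meta.get("annotations") or {}  # may be absent or null
        if key in annotations:
            size = len(str(annotations[key]).encode("utf-8"))
            findings.append((meta.get("namespace", ""), meta.get("name", ""), size))
    return findings


if __name__ == "__main__":
    # Live use: kubectl get pods -n <namespace> -o json | python this_script.py -
    data = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    hits = pods_with_stdin_annotation(data)
    for ns, name, size in hits:
        print(f"{ns}/{name}: stdin annotation present ({size} bytes)")
    sys.exit(1 if hits else 0)  # non-zero exit lets a pipeline fail on a finding
```

Run against a session started after the chart upgrade, an empty result with suppressStdinAnnotation: true confirms the value is taking effect.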
