[gardener/gardenctl-v2]

⚠️ Breaking Changes

[USER] Access Restrictions: The gardens[].accessRestrictions[].notifyIf field in the gardenctl configuration (see gardenctl config view) is no longer supported and will be ignored. gardenctl now assumes notifyIf=true. This change does not affect the gardens[].accessRestrictions[].options[].notifyIf setting. by @petersutter [#503]
[USER] The session directory has been moved to a sessions subfolder, changing from <temp_dir>/garden/<session_id> to <temp_dir>/garden/sessions/<session_id>. The current session will be migrated on the next run of a gardenctl command. by @petersutter [#476]

[USER] ssh: New flags have been introduced to provide finer control over strict host key checking behavior when using the gardenctl ssh command:
- --bastion-strict-host-key-checking: Controls how the SSH client performs host key checking for the bastion host. Valid options are yes, no, or ask. The default value is ask.
- --node-strict-host-key-checking: Controls how the SSH client performs host key checking for the Shoot cluster node. Valid options are yes, no, or ask. The default value is ask.
  Previously, the behavior was equivalent to setting these flags to no, meaning no host key verification was performed. by @petersutter [#470]
[USER] Access Restrictions:
- Use new fields in Shoot API for the shoot access restriction configuration, that were introduced with g/g#10654.
- The legacy access-restriction key seed.gardener.cloud/eu-access will be mapped to eu-access-only if your gardenctl configuration has not been updated (see gardenctl config view). by @petersutter [#503]
[USER] ssh: Default paths for known_hosts files are set for bastions and shoot nodes. Bastion keys are stored in temporary directories, while shoot node keys persist in the garden home directory. by @petersutter [#476]
[DEVELOPER] gosec was introduced for Static Application Security Testing (SAST). by @petersutter [#470]