Reconfigurator planner: Zone safety checks for redundancy should check input policy, not constants

[jgallagher]

Our zone safety checks for cockroach, internal DNS, and boundary NTP all require sufficient redundancy. These checks are implemented in terms of the constants we define for the control plane; e.g.,

omicron/nexus/reconfigurator/planning/src/planner.rs

Lines 2475 to 2477 in 773799e

	if all_statuses.len() < COCKROACHDB_REDUNDANCY {
	return Some(Cockroachdb { reason: NotEnoughNodes });
	}

However, the level of redundancy the planner tries to ensure when adding zones is controlled by the input policy; e.g.,

omicron/nexus/reconfigurator/planning/src/planner.rs

Lines 1202 to 1204 in 773799e

	DiscretionaryOmicronZone::CockroachDb => {
	self.input.target_cockroachdb_zone_count()
	}

The safety checks should be using the input policy target number, not the constant. (This doesn't affect production currently, because the input policy is always the hard-coded constant. But it might (?) mean some tests are incorrect, and we need to fix if we want those policy knobs to be usable.)