feat: external cluster reference

[prometherion]

Related #105.

This feature has 2 separate feature flags marked as ALPHA:

• ExternalClusterReference, allows to reference Secrets in the same Namespace where the KamajiControlPlane has been deployed
• ExternalClusterReferenceCrossNamespace, allows referencing Secrets in different Namespaces rather than the KamajiControlPlane's one

The said boundaries are subject to the threat modelling of the cluster since Kamaji doesn't provide a policy engine.

The said flags can be enabled as usual feature flags, such as --feature-gates ExternalClusterReference=true or --feature-gates ExternalClusterReferenceCrossNamespace=true.

When the deployment is offloaded to a third cluster, a separate manager is created to take advantage of controller-runtime Manager caching capabilities, reused by other KamajiControlPlane instances referencing the same pair of Secret/key.

To preserve the reactivity expected from having a local TenantControlPlane instance, the same trigger mechanism experienced with Kamaji addons is in place: when changes are occurring to the remote TenantControlPlane, a reconciliation in the Control Plane is triggered too, without the need of having controllers RequeAfter and ensuring the possible reactivity affordable.

Remote TenantControlPlane instances are named with kcp-${kamajiControlPlane.metadata.uid}, and a finalizer will ensure the deletion of dangling Tenant Control Planes upon the Cluster API objects deletion.