allow keeping secret name as defined in user spec

[reddec]

Allow keeping secret name as defined in user spec while keeping current behavior by-default (ie: backward compatible).

PR adds new boolean environment variable KEEP_SECRET_NAME (disabled by default) which instructs operator create secret with name exactly as defined in PostgresUserSpec.

The main motivation is to increase transparency for operations team: understand which secret will be created without having deep knowledge of the operator code (principle of least surprise).

This is "opt-in" flag and doesn't require any configuration change for existing users to keep current behavior.

[reddec]

@hitman99 summoning you! 🪄

[hitman99]

Will review this on monday

[hitman99]

This flag should come with a note of caution. The current logic prevents operator from entering endless reconcile loop as secret is very unlikely to exist. Your change increases a change that specified secret already exists by a lot. It's very easy to copy-paste two CRs and forget to change theSecretName to something different. If the secret already exists, the operator will never stop reconciling the CR until either offending secret is deleted or CR is deleted or updated with another SecretName

[reddec]

With KEEP_SECRET_NAME the operator (administrator/devops) at least can see the result secret name. It's not trivial (without reading docs) to understand after manifests quick scan that secret actually will NOT be a secretName but db-<secretName>.

Anyway, I added details in doc. @hitman99