Description:

Implement support for a configurable trustNamespace where trust-manager reads sources (ConfigMaps/Secrets). The operator should create the namespace if it doesn't exist and properly configure RBAC resources in the correct namespaces.

More Details:

• spec.trustManagerConfig.trustNamespace - defaults to "cert-manager"

• Operator creates namespace if it doesn't exist (with resource labels)

• RBAC placement:

• • trust-manager Role/RoleBinding → trust namespace

• • trust-manager:leaderelection Role/RoleBinding → operand namespace (cert-manager)

• Non-goal: Automatic deletion of the trust namespace when the TrustManager CR is deleted or updated with a new namespace.  

Acceptance Criteria:

• Trust namespace created if it doesn't exist
• RBAC is configured correctly.
• --trust-namespace arg set correctly in deployment
• TrustManagerStatus.TrustNamespace updated
• Necessary e2e and UTs are added