This story is about the downstream operator built by CPaaS

To enable ArgoCD in namespace "foo" to deploy workloads in namespace "bar", the user needs to grant ArgoCD permissions to do so by creating a role-binding, which is very tedious for a user. 

We can simplify this process by adding labels to the namespace, which is watched by ArgoCD Operator and creates role/role_bindings accordingly to grant argocd instance `admin` permissions for that particular namespace. 

Reference Doc:
https://docs.google.com/document/d/1Q6JgmZ1euETVMocX0krkR21PFJBZqkDRCnQRbn4_KJc/edit#heading=h.6k6fannbq66r

Acceptance Criteria

•  This is about the gitops operator (built in CPaaS) . Implement the "granting" side of the requirements per https://docs.google.com/document/d/1CDm-J8QPItELQv_GIzs1Y89miXNVUh7RZS85PsxYuwg/edit#heading=h.obahgj87nfva
• A user should be able to create label on the target namespace and the argocd instance can create/manage resources on the target namespace.
• Tested upgrade
• Tested and documented DownStream CPaaS built GitOps Operator
• unit test added
• e2e tests added