Bug
Resolution: Unresolved
Major
1.16.2
Description of Problem:
ArgoCD application controller blocked by podsecurity policy after gitops 1.16 upgrade
Additional Info:
The openshift-gitops-application-controller StatefulSet fails to start due to Pod Security Admission (PSA) restrictions, resulting in the following error:
openshift-gitops-application-controller-0 in StatefulSet openshift-gitops-application-controller failed error: pods "openshift-gitops-application-controller-0" is forbidden: violates PodSecurity "restricted:v1.29": unrestricted capabilities (container "argocd-application-controller" must not include "CHOWN", "DAC_OVERRIDE", "FOWNER" in securityContext.capabilities.add)
Checking the SCC and SA shows they are correct; however, on one of the clusters the SS still does not get to an optimal state.
Reproducibility:
Once
Prerequisites/Environment:
OCP: 4.16.15
GitOps: 1.16.2
Expected Results:
app-controller StatefulSet should be up and in optimal state.
Actual Results:
app-controller StatefulSet is not in optimal state which results in application-controller not in ready state.
Workaround:
In order to provide a workaround, we had CU add an annotation to the app-controller StatefulSet to use the privileged SCC, which worked:
# ArgoCD instance should look like so
spec:
  controller:
    annotations:
      openshift.io/required-scc: "privileged"
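
Added example (not part of the original report and not GitOps operator code): a check of the capabilities rule behind the PodSecurity "restricted" error quoted above, where every container must drop ALL and may add only NET_BIND_SERVICE. The function names, the sample pod spec and the "sidecar-ok" container are constructed for illustration.

```python
import json

# Capabilities rule of the Kubernetes Pod Security "restricted" profile:
# every container must drop ALL and may add back only NET_BIND_SERVICE.
ALLOWED_ADD = {"NET_BIND_SERVICE"}


def capability_violations(pod_spec):
    """Return {container name: [problems]} for the restricted capabilities rule."""
    problems = {}
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers.extend(pod_spec.get(key) or [])
    for c in containers:
        caps = (c.get("securityContext") or {}).get("capabilities") or {}
        found = []
        bad_add = sorted(set(caps.get("add") or []) - ALLOWED_ADD)
        if bad_add:
            found.append("must not include %s in securityContext.capabilities.add"
                         % ", ".join('"%s"' % cap for cap in bad_add))
        if "ALL" not in (caps.get("drop") or []):
            found.append('must set securityContext.capabilities.drop=["ALL"]')
        if found:
            problems[c["name"]] = found
    return problems


# Constructed sample: a trimmed pod spec modelled on the error in this report.
SAMPLE_POD_SPEC = json.loads("""
{"containers": [
  {"name": "argocd-application-controller",
   "securityContext": {"capabilities": {
       "add": ["CHOWN", "DAC_OVERRIDE", "FOWNER"], "drop": ["ALL"]}}},
  {"name": "sidecar-ok",
   "securityContext": {"capabilities": {"drop": ["ALL"]}}}
]}
""")

if __name__ == "__main__":
    for name, found in capability_violations(SAMPLE_POD_SPEC).items():
        for problem in found:
            print('container "%s" %s' % (name, problem))
```

The input is a pod spec as JSON, for example the .spec.template.spec object of a StatefulSet or the .spec of a pod.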