To enable ArgoCD in namespace "foo" to deploy workloads in namespace "bar", the user needs to grant ArgoCD permissions to do so by creating a role-binding, which is very tedious for a user. 

We can simplify this process by adding labels to the namespace, which is watched by ArgoCD Operator and creates role/role_bindings accordingly to grant argocd instance `admin` permissions for that particular namespace. 

Reference Doc:
https://docs.google.com/document/d/1Q6JgmZ1euETVMocX0krkR21PFJBZqkDRCnQRbn4_KJc/edit#heading=h.6k6fannbq66r

Acceptance Criteria

• Implement the "granting" side of the requirements per https://docs.google.com/document/d/1CDm-J8QPItELQv_GIzs1Y89miXNVUh7RZS85PsxYuwg/edit#heading=h.obahgj87nfva
• A user should be able to create label on the target namespace and the argocd instance can create/manage resources on the target namespace.
• Tested upgrade
• Tested and documented upstream (argocd operator)
• unit test added
• e2e tests added