Keycloak Operator doesn't provide a way to configure client roles at Realm level. Since Keycloak REST API does it, we should also provide this in the Operator for symmetry.
KeycloakAPIRealm should reflect RealmRepresentation. The goal is to add clientRoles sub-resource to the KeycloakAPIRealm. No other changes should be necessary.
Roles are represented differently when looking at RealmRepresentation (where it is a sub-resource) and UserRepresentation (where it is an array of Strings). There are also Client Roles, which are represented as map[string]string. The implementation might require revisiting all 3 approaches and checking, which one fits best. However, this engineering task shouldn't take long.
1-2 days for 1 person.