It's become clear through our early usage of crane that often ServiceAccounts
and some secrets that are undesirable to get recreated on the
target cluster are leaking through to the final output manifests.

Examples:

• default ServiceAccounts and associated Secrets
• Secrets with cluster specific certs

Can we implement a solution to this that helps reduce its occurence?