When rolling back k8s objects in MTC, like secrets with finalizers in place, the operation will get stuck in the 'CleanupMigrated' stage waiting for objects to be removed.

Since the secrets that were migrated contains a finalizer, those won't be deleted unless the finalizer gets removed manually.

These secrets have the finalizer because the cluster was upgraded from earlier version of OCP to 4.16.x.

This creates a situation where manual intervention is needed.

Skipping / excluding these objects is not possible since they are needed in the destination cluster.

Steps to reproduce:

1. On a 4.16 cluster create an empty project, with defaults serviceaccounts and dockercfg secrets which are created with the project   

2. Addition a secret that has the finalizer 'openshift.io/legacy-token' set. This is expected for clusters that were upgraded to 4.16 from previous versions.   

3. Perform a cutover migration to destination cluster and validate the secret gets migrated.   

4. Run a rollback to clean up the resources in the destination namespace.   

 
Results:
Clean up process gets hung because of the secret finalizer not being removed when deleting the secret.
What is expected:
Migrated secrets should be deleted in destination cluster when a rollback is requested.
Workaround:
There's 1 workaround for this behavior which is to patch and remove the finalizer from the secret _after_ removal of the 'openshift.io/token-secret.name' annotation on the same, otherwise the finalizer is re-added automatically.
This might be able to be implemented through a hook which customer would like to avoid.