OpenShift Bugs / OCPBUGS-9322

The metric security_profiles_operator_selinux_profile_total keeps changing even if there is no selinuxprofile available


    • Important
    • Rejected
    • Unspecified

      Description of problem:
      Create a new namespace, create a ProfileRecording based on logs for SelinuxProfile, and create a deployment with the proper labels so the profile
      When checking log-enricher-based selinuxprofile recording for a deployment: after the workload was deleted, the selinuxprofiles were created as expected. After deleting all selinuxprofiles in the namespace, the metric security_profiles_operator_selinux_profile_total keeps changing even though no selinuxprofile exists any more.

      Version-Release number of selected component (if applicable):
      4.11.0-0.nightly-2022-06-14-172335 + security-profiles-operator-bundle-container-0.4.3-58

      How reproducible:
      always

      Steps to Reproduce:
      1. Create the cluster-monitoring ConfigMap:
      $ oc create -f -<<EOF
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: cluster-monitoring-config
        namespace: openshift-monitoring
      data:
        config.yaml: |
          enableUserWorkload: true
      EOF
      configmap/cluster-monitoring-config created
      2. Install SPO
      3. Enable the log enricher with the command below:
      $ oc -n security-profiles-operator patch spod spod --type=merge -p '{"spec":{"enableLogEnricher":true}}'
      4. Create a new namespace mytest. To record by using the enricher, create a ProfileRecording which uses recorder: logs:
      $ oc new-project mytest
      $ oc apply -f -<<EOF
      apiVersion: security-profiles-operator.x-k8s.io/v1alpha1
      kind: ProfileRecording
      metadata:
        name: hello-openshift-recording
      spec:
        kind: SelinuxProfile
        recorder: logs
        podSelector:
          matchLabels:
            app: hello-openshift
      EOF
      5. Create the service account with privileged permission:
      $ oc create -f -<<EOF
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        creationTimestamp: null
        name: spo-record-sa
      ---
      apiVersion: rbac.authorization.k8s.io/v1
      kind: Role
      metadata:
        creationTimestamp: null
        name: spo-record
        namespace: mytest
      rules:
      - apiGroups:
        - security.openshift.io
        resources:
        - securitycontextconstraints
        resourceNames:
        - privileged
        verbs:
        - use
      ---
      kind: RoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: spo-record
        namespace: mytest
      subjects:
      - kind: ServiceAccount
        name: spo-record-sa
      roleRef:
        kind: Role
        name: spo-record
        apiGroup: rbac.authorization.k8s.io
      EOF
      Create a deployment:
      $ oc apply -f -<<EOF
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: hello-openshift
      spec:
        replicas: 3
        selector:
          matchLabels:
            app: hello-openshift
        template:
          metadata:
            labels:
              app: hello-openshift
          spec:
            serviceAccountName: spo-record-sa
            initContainers:
            - name: wait
              image: quay.io/openshifttest/centos:centos7
              command: ["/bin/sh", "-c", "env"]
            containers:
            - name: hello-openshift
              image: quay.io/openshifttest/hello-openshift:multiarch
              ports:
              - containerPort: 80
            - name: redis
              image: quay.io/security-profiles-operator/redis:6.2.1
      EOF
      6. When the pods of the deployment are running, trigger curl from the hello-openshift containers
      7. Delete the workload
      $ oc delete deployment hello-openshift
      8. Wait until all selinuxprofiles are created and installed, then delete all the selinuxprofiles
        $ oc get selinuxprofile
        NAME USAGE STATE
        hello-openshift-recording-hello-openshift-0 hello-openshift-recording-hello-openshift-0_my-app.process Installed
        hello-openshift-recording-hello-openshift-1 hello-openshift-recording-hello-openshift-1_my-app.process Installed
        hello-openshift-recording-redis-0 hello-openshift-recording-redis-0_my-app.process Installed
        hello-openshift-recording-redis-1 hello-openshift-recording-redis-1_my-app.process Installed
        $ oc delete selinuxprofiles.security-profiles-operator.x-k8s.io --all
        selinuxprofile.security-profiles-operator.x-k8s.io "hello-openshift-recording-hello-openshift-0" deleted
        selinuxprofile.security-profiles-operator.x-k8s.io "hello-openshift-recording-hello-openshift-1" deleted
        selinuxprofile.security-profiles-operator.x-k8s.io "hello-openshift-recording-redis-0" deleted
        selinuxprofile.security-profiles-operator.x-k8s.io "hello-openshift-recording-redis-1" deleted

      Actual results:
      After the selinuxprofiles are deleted, the metric keeps changing.

      Expected results:
      After the selinuxprofiles are deleted, the metric should only be updated when selinuxprofiles are deleted, not keep changing afterwards.
      $ oc get selinuxprofile --all-namespaces
      No resources found
      $ kubectl run --rm -i --restart=Never --image=registry.fedoraproject.org/fedora-minimal:latest -n mytest metrics-test -- bash -c 'curl -ks -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://metrics.security-profiles-operator/metrics-spod' | grep security_profiles_operator_selinux
      Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "metrics-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "metrics-test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "metrics-test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "metrics-test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      # HELP security_profiles_operator_selinux_profile_total Counter about selinux profile operations.
      # TYPE security_profiles_operator_selinux_profile_total counter
      security_profiles_operator_selinux_profile_total{operation="update"} 36

      $ kubectl run --rm -i --restart=Never --image=registry.fedoraproject.org/fedora-minimal:latest -n mytest metrics-test -- bash -c 'curl -ks -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://metrics.security-profiles-operator/metrics-spod' | grep security_profiles_operator_selinux_profile_total
      Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "metrics-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "metrics-test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "metrics-test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "metrics-test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      # HELP security_profiles_operator_selinux_profile_total Counter about selinux profile operations.
      # TYPE security_profiles_operator_selinux_profile_total counter
      security_profiles_operator_selinux_profile_total{operation="update"} 42

      $ kubectl run --rm -i --restart=Never --image=registry.fedoraproject.org/fedora-minimal:latest -n mytest metrics-test -- bash -c 'curl -ks -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://metrics.security-profiles-operator/metrics-spod' | grep security_profiles_operator_selinux_profile_total
      Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "metrics-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "metrics-test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "metrics-test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "metrics-test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      # HELP security_profiles_operator_selinux_profile_total Counter about selinux profile operations.
      # TYPE security_profiles_operator_selinux_profile_total counter
      security_profiles_operator_selinux_profile_total{operation="update"} 35

      $ kubectl run --rm -i --restart=Never --image=registry.fedoraproject.org/fedora-minimal:latest -n mytest metrics-test -- bash -c 'curl -ks -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://metrics.security-profiles-operator/metrics-spod' | grep security_profiles_operator_selinux_profile_total
      Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "metrics-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "metrics-test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "metrics-test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "metrics-test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      # HELP security_profiles_operator_selinux_profile_total Counter about selinux profile operations.
      # TYPE security_profiles_operator_selinux_profile_total counter
      security_profiles_operator_selinux_profile_total{operation="update"} 27

      $ kubectl run --rm -i --restart=Never --image=registry.fedoraproject.org/fedora-minimal:latest -n mytest metrics-test -- bash -c 'curl -ks -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://metrics.security-profiles-operator/metrics-spod' | grep security_profiles_operator_selinux_profile_total
      Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "metrics-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "metrics-test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "metrics-test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "metrics-test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      # HELP security_profiles_operator_selinux_profile_total Counter about selinux profile operations.
      # TYPE security_profiles_operator_selinux_profile_total counter
      security_profiles_operator_selinux_profile_total{operation="update"} 42
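      The scrapes above read the counter as 36, 42, 35, 27 and then 42 again. A Prometheus counter is by definition monotonically non-decreasing, so a value that goes down between two reads is itself the signal worth catching. The script below is an added example, not part of this report or of the security-profiles-operator code: it parses Prometheus text-exposition output such as the kubectl/curl output above (skipping the # HELP/# TYPE lines and the PodSecurity warning, which is not a sample) and reports every series of a given counter that decreased between consecutive scrapes. All function names are the example's own, and the five sample scrapes are constructed from the values pasted in the report.

```python
"""Detect non-monotonic counter samples across repeated scrapes of a /metrics endpoint.

Added example; not code from the bug report or from security-profiles-operator.
"""
import re
from typing import Dict, List, Optional, Tuple

Labels = Tuple[Tuple[str, str], ...]

# One sample line of the Prometheus text format: name{labels} value [timestamp]
_SAMPLE_RE = re.compile(
    r'^(?P<name>[a-zA-Z_:][a-zA-Z0-9_:]*)'
    r'(?:\{(?P<labels>[^}]*)\})?'
    r'\s+(?P<value>[-+]?(?:\d+\.?\d*|\.\d+)(?:[eE][-+]?\d+)?|NaN|[-+]?Inf)'
    r'(?:\s+(?P<ts>-?\d+))?\s*$'
)
# key="value" pairs inside the braces; values may contain escaped characters
_LABEL_RE = re.compile(r'(?P<k>[a-zA-Z_][a-zA-Z0-9_]*)="(?P<v>(?:\\.|[^"\\])*)"')


def parse_labels(raw: Optional[str]) -> Labels:
    """Turn 'a="x",b="y"' into a sorted, hashable tuple of (label, value) pairs."""
    if not raw:
        return ()
    return tuple(sorted((m.group('k'), m.group('v')) for m in _LABEL_RE.finditer(raw)))


def parse_exposition(text: str) -> Dict[Tuple[str, Labels], float]:
    """Parse all samples from one scrape; comments, blank lines and anything that is
    not a sample line (for example a kubectl warning) are ignored."""
    samples: Dict[Tuple[str, Labels], float] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = _SAMPLE_RE.match(line)
        if not m:
            continue
        samples[(m.group('name'), parse_labels(m.group('labels')))] = float(m.group('value'))
    return samples


def counter_regressions(scrapes: List[str], metric: str) -> List[Tuple[int, Labels, float, float]]:
    """Return (scrape_index, labels, previous, current) for every series of `metric`
    whose value decreased relative to the previous scrape. A decrease means either a
    counter reset (the exporting process restarted) or that consecutive reads were not
    answered by the same backend; either way the samples cannot be rate()'d as one series."""
    last: Dict[Labels, float] = {}
    regressions: List[Tuple[int, Labels, float, float]] = []
    for i, text in enumerate(scrapes):
        for (name, labels), value in parse_exposition(text).items():
            if name != metric:
                continue
            prev = last.get(labels)
            if prev is not None and value < prev:
                regressions.append((i, labels, prev, value))
            last[labels] = value
    return regressions


METRIC = 'security_profiles_operator_selinux_profile_total'
_HEADER = (
    '# HELP security_profiles_operator_selinux_profile_total Counter about selinux profile operations.\n'
    '# TYPE security_profiles_operator_selinux_profile_total counter\n'
)
# Constructed scrapes reusing the counter values pasted in the report (36, 42, 35, 27, 42);
# the leading line mimics the kubectl PodSecurity warning that precedes each real scrape.
SAMPLE_SCRAPES = [
    'Warning: would violate PodSecurity "restricted:v1.24": (constructed)\n'
    + _HEADER + f'{METRIC}{{operation="update"}} {v}\n'
    for v in (36, 42, 35, 27, 42)
]

if __name__ == '__main__':
    for idx, labels, prev, cur in counter_regressions(SAMPLE_SCRAPES, METRIC):
        print(f'scrape {idx}: {METRIC}{dict(labels)} went from {prev:g} to {cur:g}')
```

      Run against the constructed scrapes it reports the 42 to 35 and 35 to 27 drops. To use it on a live cluster, save each kubectl/curl output above to a file and pass the file contents, in order, as the scrapes list; a counter that only ever rises between reads is consistent with the expected behaviour, while a drop is the condition this report describes.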

      Additional info:

            wenshen@redhat.com Vincent Shen
            xiyuan@redhat.com Xiaojie Yuan