Operator Runtime / OPRUN-2669

[downstream] label namespace when installing operator in openshift-* namespace


    • Type: Story
    • Resolution: Won't Do
    • [OLM-223] FBC (Oogway)

      As an admin, I'd like OLM workloads to still work whether they have migrated to PSA or not, so that my cluster can keep working with minimal effort during this transition period and I can focus on more high-value issues.

      Context: with PSA changes coming to OCP 4.12, namespaces will be labeled to enforce the `restricted` security profile. This may cause certain operator pods to not be scheduled as they do not meet the security profile's criteria. OCP will also include an auto-labeller controller that can adjust the namespace PSA security profile to the right level where the workload can be scheduled by Kubernetes.

      A/C:

      • When an operator is installed in an `openshift-*` namespace, apply the `security.openshift.io/scc.podSecurityLabelSync=true` label to that namespace
      • If the namespace already includes the `security.openshift.io/scc.podSecurityLabelSync` label, whether set to false or true, nothing happens
      • e2e tests are not necessary - though manual testing to sanity check would be great (e.g. show off a demo)
      • Do not merge this into the repo - but keep it handy until we get clarity from Staff Eng. on whether we'll need this controller or not
        • Still create the PR and put a hold on it. This ticket is done when we have all labels needed to merge.
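
One way to express the first two acceptance criteria as a decision function, added here as an illustration and not the code from the PR this ticket refers to. `labelSyncPatch` and the sample namespaces are hypothetical; sending the returned JSON merge patch through a Kubernetes client is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Label key taken from the acceptance criteria in this ticket.
const labelSyncKey = "security.openshift.io/scc.podSecurityLabelSync"

// labelSyncPatch (hypothetical helper) returns a JSON merge patch that sets the
// label-sync label to "true", or false when the namespace must be left alone.
func labelSyncPatch(namespace string, labels map[string]string) ([]byte, bool) {
	// Only namespaces carrying the openshift- prefix are in scope.
	if !strings.HasPrefix(namespace, "openshift-") {
		return nil, false
	}
	// Any existing value, "true" or "false", is an explicit choice: never overwrite it.
	if _, present := labels[labelSyncKey]; present {
		return nil, false
	}
	body := map[string]interface{}{
		"metadata": map[string]interface{}{
			"labels": map[string]string{labelSyncKey: "true"},
		},
	}
	patch, err := json.Marshal(body)
	if err != nil {
		return nil, false
	}
	return patch, true
}

func main() {
	// Constructed sample namespaces, not taken from a real cluster.
	samples := []struct {
		name   string
		labels map[string]string
	}{
		{"openshift-operators", nil},
		{"openshift-custom", map[string]string{labelSyncKey: "false"}},
		{"my-team", nil},
	}
	for _, s := range samples {
		patch, ok := labelSyncPatch(s.name, s.labels)
		fmt.Printf("%-20s patch=%t %s\n", s.name, ok, patch)
	}
}
```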

              ankithom Ankita Thomas
              pegoncal@redhat.com Per Goncalves da Silva