- Story
- Resolution: Done
Right now, downstream controllers such as those for nova, glance, neutron and keystone have fields for databaseUser and Secret, which are passed along to create a MariaDBDatabase instance with that username and password. The username must currently match the configured database name used by that controller, as the two cannot be separate.
The goal is to replace databaseUser with databaseAccount in each CRD, to use new API functions in mariadb-operator to ensure that a MariaDBAccount and Secret exist at controller init time, and to consume the new username and password from that API. These changes will allow operators to correctly consume MariaDBAccounts, which will later be created ahead of time by openstack-operator. This change delivers rotatable username and password functionality to each operator: changing databaseAccount to a new name will generate and deploy a new username and password in mariadb for that instance.
The initial proof of concept is in glance at https://github.com/openstack-k8s-operators/glance-operator/pull/426
- depends on: OSPRH-4092 Implement account creation / mutation within the MariaDB operator (Closed)
- is depended on by: OSPRH-4113 implement interim MariaDB password generation with dynamic username generation in mariadb-operator (Closed)