Generate an rndc key per bind instance (use the replicas value from the CR) and store in a secret. Currently the bind pod names aren't decided up on so use keys "designate-bind-0", "designate-bind-1", etc as pod names. The creation of this map should be idempotent (i.e the rndc key for a instance doesn't change over the lifetime of the deployment) and the size of the stored secrets should shrink if the replica count shrinks, with the remaining key not being reused. 

e.g.: replicas 3

 designate-bind-key-0: key-1a
 designate-bind-key-1: key-2a
 designate-bind-key-2: key-3a

set replicas to 2

 designate-bind-key-0: key-1a
 designate-bind-key-1: key-2a

set replicas to 3 

 designate-bind-key-0: key-1a
 designate-bind-key-1: key-2a
 designate-bind-key-2: key-3b (NOT 3a)

It be preferable if there were some form of kuttl test for this where replicas were greater than 1.