Allow explicit exclusion of certain service accounts from SCC policies

1. Proposed title of this feature request

Allow applying a custom SCC policy only to the namespaces that match a label selector

2. What is the nature and description of the request?
I am aware of using roles to define SCC roles but that doesn't cover the 3 methods I asked an RFE for. It only assigns the SCC for pods that are already using a service account. Which as I have mentioned before is not the default for devs developing a wide variety of workloads.

I'd like to request an official RFE for the SCC CustomResourceDefinition to support one of the three options here:

• Allow explicit exclusion of certain service accounts from SCC policies

• Allow applying a custom SCC policy only to namespaces that start with a certain pattern

• Allow applying a custom SCC policy only to the namespaces that match a label selector

3. Why does the customer need this? (List the business requirements here)
Devs developing a wide variety of workloads (mostly open source software requiring running as Root)

4. List any affected packages or components.

Security Context Constraint CRD