1. Proposed title of this feature request
ROSA: block editing of Hive-owned objects via GitOps using admission webhooks
2. What is the nature and description of the request?
ROSA has guardrails in place, in the form of validating webhooks, to protect various parts of the platform from being edited by users. These also apply to the cluster-admin user created via the `rosa create admin` command. But this is not always the case for GitOps-driven changes. Users often assign the `cluster-admin` role to the `openshift-gitops-argocd-application-controller` service account, which in turn effortlessly creates MachineConfigs etc.
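An audit check for the condition described above, added here as an illustration and not part of the original request or of the managed-cluster-validating-webhooks project: it scans ClusterRoleBinding JSON for a direct grant of `cluster-admin` to the GitOps controller service account. The sample input is constructed, the `openshift-gitops` namespace and the binding names are assumptions, and grants made through groups are out of scope.

```python
import json

# Service account and role names come from the request text.
GITOPS_SA = "openshift-gitops-argocd-application-controller"
RISKY_ROLE = "cluster-admin"


def _crb(name, role, subjects):
    """Build one constructed ClusterRoleBinding for the sample below."""
    crb = {"metadata": {"name": name},
           "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                       "kind": "ClusterRole", "name": role}}
    if subjects is not None:
        crb["subjects"] = subjects
    return crb


# Namespace "openshift-gitops" is an assumption, not stated in the request.
_SA = {"kind": "ServiceAccount", "name": GITOPS_SA, "namespace": "openshift-gitops"}

# Constructed sample shaped like `oc get clusterrolebindings -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    _crb("gitops-admin", "cluster-admin", [_SA]),      # the risky grant
    _crb("gitops-view", "view", [_SA]),                # same SA, harmless role
    _crb("cluster-admins", "cluster-admin",
         [{"kind": "Group", "name": "cluster-admins"}]),
    _crb("orphaned", "cluster-admin", None),           # binding without subjects
]})


def find_gitops_admin_bindings(raw, sa_name=GITOPS_SA, role=RISKY_ROLE):
    """Return names of ClusterRoleBindings that grant `role` directly to the SA."""
    findings = []
    for crb in json.loads(raw).get("items", []):
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # "subjects" may be missing or null on a binding with no members.
        for subj in crb.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount" and subj.get("name") == sa_name:
                findings.append(crb["metadata"]["name"])
                break
    return findings


if __name__ == "__main__":
    for name in find_gitops_admin_bindings(SAMPLE):
        print(f"ClusterRoleBinding {name} grants {RISKY_ROLE} to {GITOPS_SA}")
```
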
3. Why does the customer need this? (List the business requirements here)
The more guardrails are in place, the more self-explanatory and self-contained the product is, and the less vendor involvement is necessary.
Example: https://access.redhat.com/support/cases/#/case/03514092 (chrony config successfully applied via GitOps)
4. List any affected packages or components.
https://github.com/openshift/managed-cluster-validating-webhooks