1. Handle Post Install Creation of OIDC Client Secrets
2. As part of ARO HCP, if we take customer secret data we need to support encryption at multiple levels. As a result, allowing the customer to configure the console day2 when configuring external OIDC / external AUTH should be possible to get around restrictions of customers passing data to us and us having to support customer-managed keys encryption at rest in all the places it's stored including a k8s secret.
3. Allows us to adhere to MSFT data handling requirements of Customer Content
4. HyperShift control plane operator

See: https://github.com/openshift/hypershift/pull/5351/files and https://docs.google.com/document/d/1_vo4Ayng-vZlCagRgtOvmq69HcgxXOyijO_s3IauX00/edit?tab=t.0 for details.