Add checks to make sure that CRD changes will not break users.
Things to investigate:

• https://github.com/openshift/crd-schema-checker
• Jouko's contributions: https://github.com/openshift/crd-schema-checker/pull/27 https://github.com/openshift/crd-schema-checker/pull/38
• example usage ./crd-schema-checker check-manifests --new-crd-filename=platform.stackrox.io_securedclusters.yaml --existing-crd-filename=/home/jvirtane/go/src/github.com/stackrox/backup/stackrox/operator/config/crd/bases/platform.stackrox.io_securedclusters.yaml
• use schema-checker in CI: https://github.com/stackrox/stackrox/pull/10288
• instructions for using schema-checker in EXTENDING_CRDS.md: https://github.com/stackrox/stackrox/pull/10402
• https://github.com/kubernetes/enhancements/issues/5000 : https://github.com/everettraven/crd-diff + https://github.com/everettraven/crd-diff/pull/11
• OLM CRD upgrade safety

Regarding OLM:

• https://github.com/operator-framework/operator-controller/blob/main/docs/concepts/crd-upgrade-safety.md
• OLMv0 checks to make sure you aren't removing a stored version, and it checks all existing CRs against the incoming schema
• v0 https://github.com/operator-framework/operator-lifecycle-manager/blob/4de27972108aead2917ade6aaf1fbb2739503acd/pkg/lib/crd/storage.go#L14
• v0 https://github.com/operator-framework/operator-lifecycle-manager/blob/4de27972108aead2917ade6aaf1fbb2739503acd/pkg/controller/operators/catalog/operator.go#L2145
• v1 doesn't look at CRs at all. It compares old schema with new schema. If there are any changes in a particular field, it runs through a list of known checks. If any of those checks says "breaking" or if there isn't a check for that particular change (i.e. it fails closed), then the overall check fails. OLMv1 allows a user to bypass the checks via a field on the ClusterExtension API
• v1 https://github.com/operator-framework/operator-controller/blob/a2ae8b878035918663e351192a4cd57a0e0c4ac8/internal/operator-controller/rukpak/preflights/crdupgradesafety/crdupgradesafety.go#L32