Requirements (see https://docs.google.com/document/d/1lY2T7C8r1I6tJGYoJTMtzEDN-1LmMmJKQ8oMc_XOsgk/edit?tab=t.0#heading=h.qxi18nj16iwn):

• Remove configurability of Listen* options by the user of the secured-cluster-services Helm chart.
• Introduce new option, which controls whether the webhook enforces policies or not.
• Disable Bypass Annotation will be available as a configuration option, defaulted to false.
• Configurability of the timeout will be removed. If set, emit a warning and proceed.
• Fail open/close will be a new configuration option available for the users defaulted or upgraded to Fail Open
• Make sure that Admission Controller / ValidatingWebhookConfiguration is always deployed on secured clusters.