  1. OpenShift Pipelines
  2. SRVKP-1426

RBAC cleanup is not proper with operator upgrade/uninstall

    • Pipelines Sprint 198, Pipelines Sprint 199

      RBAC-related bug:
      By default, when a user installs the operator, it adds role-bindings (e.g. edit & pipelines-anyuid) to all namespaces that the user creates.

      1.3.1 -> edit & pipelines-anyuid
      1.4.0 -> edit & pipelines-restricted

      Now, with the present setup, we just add role-bindings to all namespaces that were existing with specific role-bindings, and we don't remove them when the user uninstalls or upgrades the operator, which is quite obvious.

      Problems:
      1. When a user installs 1.3.1 or an older version of the operator, assume we have a namespace temp which has got 2 role-bindings: edit & pipelines-anyuid.
      2. When the user uninstalls & installs/upgrades to the 1.4.0 operator, the user now sees 3 role-bindings: edit, pipelines-anyuid & pipelines-restricted. This could be a real problem, where the user never knows because of which role his workloads got passed, because they all point to sa pipeline.
      3. When the user creates a new namespace after a successful upgrade/install to the latest operator, he will see only 2 RBs: edit & pipelines-restricted. Now I assume we need to think about this mutation more deeply, as along with the RBs we do introduce some annotations and some changes to cluster tasks, which could break workflows with upgrades.

      Note: It's existing behavior from an earlier release. (regression bug)

            rh-ee-nikthoma Nikhil Thomas
            pthangad Praveen Kumar Reddy Thangadancha (Inactive)
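
An audit for the leftover state described in this issue, added here as an example (it is not code from the issue or from the operator): it reads RoleBinding JSON and reports namespaces where the `pipeline` service account still holds `pipelines-anyuid`, either beside `pipelines-restricted` or alone. It assumes the RoleBinding objects are named exactly as in the issue text and that the subject is a ServiceAccount named `pipeline`; the helper names and the sample data are constructed.

```python
import json
from collections import defaultdict

# Names come from the issue text. That the RoleBinding objects are named exactly
# like this and bind a ServiceAccount called "pipeline" is an assumption.
OLD_BINDING = "pipelines-anyuid"      # added by 1.3.1 and older
NEW_BINDING = "pipelines-restricted"  # added by 1.4.0
SERVICE_ACCOUNT = "pipeline"


def bindings_by_namespace(rb_list):
    """Map namespace -> watched binding names whose subjects include the pipeline SA."""
    found = defaultdict(set)
    for rb in rb_list.get("items", []):
        name = rb["metadata"]["name"]
        ns = rb["metadata"]["namespace"]
        if name not in (OLD_BINDING, NEW_BINDING):
            continue
        for subj in rb.get("subjects") or []:
            # A subject without a namespace is compared against the binding's own.
            if (subj.get("kind") == "ServiceAccount"
                    and subj.get("name") == SERVICE_ACCOUNT
                    and subj.get("namespace", ns) == ns):
                found[ns].add(name)
    return found


def audit(rb_list):
    """'both': old binding left beside the new one; 'stale-only': old one alone."""
    report = {"both": [], "stale-only": []}
    for ns, names in sorted(bindings_by_namespace(rb_list).items()):
        if OLD_BINDING in names:
            report["both" if NEW_BINDING in names else "stale-only"].append(ns)
    return report


def _rb(ns, name, sa=SERVICE_ACCOUNT):
    """Build a minimal RoleBinding dict (constructed sample data)."""
    return {"kind": "RoleBinding", "metadata": {"name": name, "namespace": ns},
            "subjects": [{"kind": "ServiceAccount", "name": sa, "namespace": ns}]}


# Constructed sample shaped like `oc get rolebindings -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    _rb("temp", "edit"), _rb("temp", OLD_BINDING), _rb("temp", NEW_BINDING),
    _rb("fresh", "edit"), _rb("fresh", NEW_BINDING),
    _rb("legacy", OLD_BINDING), _rb("other", OLD_BINDING, sa="builder"),
]}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

On a real cluster, pass `audit()` the parsed output of `oc get rolebindings -A -o json` in place of `SAMPLE`.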