Current CSIStorageClassController in library-go does not allow its user (=CSI driver operator) to update a StorageClass before its creation. The StorageClass is read from a yaml asset file and directly created in the API server.

https://github.com/openshift/library-go/blob/master/pkg/operator/csi/csistorageclasscontroller/csi_storageclass_controller.go

We need the controller to call callbacks / hooks that would allow the operator to update the StorageClass with additional parameters, such as encryption keys.

In other words:

1. NewCSIStorageClassController() should accept a new parameter(s) with a hook (hooks) that are called before the controller instantiates a StorageClass in the API server.
   • This concept is widely used in other CSi controllers, see optionalDaemonSetHooks parameter in NewCSIDriverNodeServiceController() and how it's used in sync().
2. CSIStorageClassController.Sync() should call all hooks to get the final `expectedSC` and then do whatever it does today (i.e. update default anntotation + call ApplyStorageClass)
3. CSIControllerSet.WithStorageClassController should accept a new parameter(s) with a hook (hooks) and pass them to NewCSIStorageClassController().
   See https://github.com/openshift/library-go/blob/master/pkg/operator/csi/csicontrollerset/csi_controller_set.go