Remove webhooks from Operator

[bernot-dev]

Over time, validating and mutating webhooks have been a source of several types of bugs for GMP:

1. Zero-node problems: When the operator is not scheduled because no nodes are available, webhooks fail and reject GMP Custom Resources.
2. Startup races: If a user installs GMP and PodMonitorings (for instance) at the same time, the webhook server may not yet be available, and the PodMonitoring will be rejected.
3. Instability problems: Any time the operator experiences downtime, CRDs validated/mutated by webhooks will be rejected.
4. Security concerns: Theoretically, if the operator is compromised, the webhook server could allow the attacker a vector to expand the attack.
5. Webhook server certificates: The operator currently has to generate and configure TLS certificates for the webhook server, which impacts several areas.

Broadly, the approach to remediate all of these issues is removal of webhooks and the webhook server, to be replaced with built-in Kubernetes validation using OpenAPI schemas and Common Expression Language (CEL).

Affected Custom Resources:

• ClusterNodeMonitorings
• Rules/ClusterRules/GlobalRules
• OperatorConfigs
• PodMonitorings/ClusterPodMonitorings

Related work to date includes:

• refactor: require at least one endpoint #1266
• refactor: default podmonitorings with CRDs #1267
• feat: validate scrape configs #1329
• feat: validate cert/key pairs #1332
• test: validate podmonitorings with CEL #1338
• Validate NodeMonitorings with CEL #1341
• feat: enforce policy on operatorconfig #1342
• refactor: tune cel budgets #1348
• refactor: remove validating webhook for podmonitorings #1349
• refactor: remove clusternodemonitoring webhook #1350
• refactor: validate rules #1375
• refactor: move regex validation to VAP #1386