@kopf.on.update('secrets') will cause us to attempt to listen to
updates to every secret in the Kubernetes cluster in which we are
running. This is negative because:
* kopf annotates every object it is watching to track last known
state, which will be *every secret in the cluster* if with the
current approach. This is a somewhat obnoxious behaviour.
* if the operator is not running with elevated priviledges, this may
not work correctly anyway, although the current deployment does
provide the operator user with cluster-admin priviledges
Instead, we should only track the secrets that we've expressed
interest in, which is effectively what we're doing anyway, but this
will save us from annotating every secret in the cluster.
Change-Id: I540841ee8b053ae05ca7943aca3f1646b509cfd9
d2b2393d52