Change oauth2 to mount rather than load secrets

[cbandy]

Sorry for this wall of text. There's a couple things happening:

• Change from a list of secret ref to a list-map of secret+key ref
  • this allows the user to select/name the field within their secret
  • they can also store multiple oauth configs in a single secret (different keys)

spec:
  config:
    oauthConfigurations:
      - name: something
        secret:
          name: another
          key: anything

• Don't annotate the pod with config hash

  • it's better that we reduce the times we have to read a secret directly
  • this rolls out slower, but recent changes reload config without recreating the pod

• Keep spec order of OAUTH2_CONFIG

  • this might not matter inside pgAdmin, but seems good to do?

I don't have an OAuth environment setup, so I was looking at the results of this command:

kubectl -n cbandy exec pgadmin-79dc40ce-4efe-4495-9c8f-c62922cc751b-0 -- bash -c '
cd /usr/local/lib/python*/site-packages/pgadmin4 &&
python3 -c "import config, pprint; pprint.pp(config.__dict__)"
'