Project configurations in any namespace

[OpenGuidou]

Summary

Some of the configuration shouldn't be centrally managed, as different user groups (linked to projects) may want to define them on their own.

Motivation

We should make the distinction between some central configuration, only accessible to the ArgoCD instance maintainers, and some configuration that can be distributed to the users.
In a multi-tenant organization, each of those groups should be able to managed their part of the configuration.
With the Application in any namespace feature, it's now possible to not open the in-cluster ArgoCD namespace to some of its users, and let them use their own namespace.

We should extend that to some configuration that would only affect their project, such as:

• Notifications (configmap and secret)
• ConfigManagementPlugin
• Plugin generators (configmap and secret)

It's implicitly requiring those elements to be able to be bound to a specific project.

I'm excluding here RBAC as it's already being discussed here: #8324

Proposal

1. Enable the feature via a flag --configuration-namespaces in the application controller, applicationset controller and notifications controller. This could default to the value of --application-namespaces of not provided.
2. Reuse the .spec.sourceNamespaces in the AppProject to allow to source configuration as well.
3. Read the configmaps (and linked secrets) in those namespaces using a dedicated label argocd.argoproj.io/cm-type= with different values according to their usage. Values could be notifications and plugin-generator
4. Read ConfigManagementPlugins directly in the target namespaces
5. Those configurations should only be accessible to the AppProject referencing this source namespace.