Allow to disable secret overwrite. Use annotation to protect original values of existing secret in target namespace

[francardoso93]

My team is using kubernetes-replicator in the Initium project to do a push based secret replication. We're facing issues to avoid that existing secrets get overwritten. That's what happens: When the source secret has the same name of an existing secret in target, the target one gets replaced. Source is always the source of true.
I understand that to be the default behavior, but I'd like to propose to make this configurable, as it's currently a blocker for us.

Suggested solution:
Replicator checks an annotation at target secret, that can disable the default behavior. Then, it doesn't replicate values from source to that specific annotated secret.
eg: replicator.v1.mittwald.de/protect-from-overwrite: true

We're available to collaborate by doing this implementation if you agree.

[francardoso93]

cc @LucaLanziani

[daniel-ciaglia]

I would introduce a global option as well eg. overwrite-mode with multiple options

• always - always overwrite targets old default
• if-not-exists - new default
• if-allowed - check annotation on target

I would also change the semantics of the proposed target annotation to replicator.v1.mittwald.de/overwrite-allowed. This follows the current annotations (https://github.com/mittwald/kubernetes-replicator/blob/master/replicate/common/consts.go)