Support user specified MySQLServer secrets

[matthchr]

Closes #1590

• The specified secret must be a Kubernetes secret.
• The specified secret must contain a "username" and "password" field.
• The specified secret must be in the same namespace as the MySQLServer.
• If the specified secret doesn't exist, reconciliation will be blocked
  until the secret does exist. Once the secret is created, reconciliation
  will continue as normal.
• The operator does not make the user specified secret owned by
  the MySQLServer.
• The operator still creates a secret containing connection string details
  and username/password for the server. This secret is named as it was
  before. This means that the customer specified username and password
  are consumed to create this secret, but other resources such as MySQLUser
  still consume the generated secret file.

If applicable:

• this PR contains documentation
• this PR contains tests

[codecov-commenter]

Codecov Report

Merging #1625 (f56cdfb) into master (5df37e7) will increase coverage by 1.96%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #1625      +/-   ##
==========================================
+ Coverage   64.65%   66.61%   +1.96%     
==========================================
  Files         203      204       +1     
  Lines       12696    14760    +2064     
==========================================
+ Hits         8209     9833    +1624     
- Misses       3760     4170     +410     
- Partials      727      757      +30     

Impacted Files	Coverage Δ
hack/generated/pkg/testcommon/kube_test_context.go	83.33% <0.00%> (-6.67%)	⬇️
...enerator/pkg/astmodel/storage_package_reference.go	85.71% <0.00%> (-4.29%)	⬇️
...l/armconversion/create_empty_arm_value_function.go	79.16% <0.00%> (-4.17%)	⬇️
hack/generated/pkg/genruntime/property_bag.go	75.86% <0.00%> (-4.14%)	⬇️
hack/generator/pkg/functions/hub_function.go	77.27% <0.00%> (-3.98%)	⬇️
...k/generator/pkg/functions/original_gvk_function.go	86.11% <0.00%> (-3.89%)	⬇️
...nerator/pkg/functions/original_version_function.go	80.76% <0.00%> (-3.45%)	⬇️
...or/pkg/conversions/writable_conversion_endpoint.go	92.00% <0.00%> (-3.24%)	⬇️
hack/generator/pkg/astmodel/array_type.go	85.18% <0.00%> (-3.06%)	⬇️
hack/generator/pkg/astmodel/map_type.go	88.88% <0.00%> (-2.78%)	⬇️
... and 194 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5df37e7...f56cdfb. Read the comment docs.

[theunrepentantgeek]

Looks good, only minor comments.

[babbageclunk]

This looks great. I wonder whether there's a way to have a change to the secret trigger a reconcile?

[babbageclunk]

Should we make this resource reconcile when the secret is updated? Are people going to expect the user details to be updated in that case? (Is updating the credentials like that supported in ARM?)

[matthchr]

We probably should, yes. It's a bit of feature creep because we didn't support rolling credentials before (since the user couldn't specify them). I was thinking to avoid it as part of this PR based on the "feature creep" logic but probably should do better.

I'll look into implementing this but may do it as a separate PR as it'll have another set of tests ensuring that the update actually works, and the actual watching of that secret may add some complexity.

[matthchr]

I've filed #1634 - will follow up with a separate PR tackling that.