ServiceAccount reconcile logic leads to authentication problems

[eryalito]

From #417 (comment)

TL:DR When a SA has to be updated the current logic is to delete the old one and create a new sa with the desired configuration

Each time the SA is marked as changed it needs to be reconciled: add/delete new secrets on the rbd, restore default conf after a manual editing of the object, etc. This leads to some problems when using serviceaccount identity. Currently I have located 2 cases where this is a problem:

1. If a pod is using a SA to communicate with the APIServer (like operators) when the SA is recreated the mounted credentials on the pod is not refreshed, getting an Unauthorized message. This makes some operators and pods crash.
2. When tokens are created and used to login into the cluster from the outside. For example automated tools that interacts with the cluster (ArgoCD, Jenkins, etc). If the SA is deleted and re-created the token is revoked, so the integration breaks.

IMHO this behaviour should be changed so the rbac-manager edit the existing SA when possible instead of recreating it.

[sudermanjr]

Related to, or a duplicate of: #386