This PR provides a temporary solution for this issue:
https://diamondlightsource.slack.com/archives/C06N43M7JP3/p1762939672661569
https://kubernetes.slack.com/archives/CLGR9BJU9/p1762854995411249

Kyverno sync stops working when there are hundred or thousands of objects matching the update due to the update requests becoming too large for etcd and generating errors like:

2025-11-11T08:13:13Z ERR github.com/kyverno/kyverno/pkg/policy/policy_controller.go:431 > Unhandled Error error="failed to create UR on generating policy events copy-host-secret-artifact-s3: Request entity too large: limit is 3145728" logger=UnhandledError

This issue is confirmed to still exist in kyverno 1.17.1.

This PR keeps the automatic copy of the secret on namespace generation but disables sync. That means that when the s3 secret is changed, it will need to be manually synced by running:

kubectl create job --from=cronjob/copy-host-secret-artifact-s3 -nworkflows copy-host-secret-artifact-s3

We can revert to automatic syncing when this issue is fixed upstream in kyverno by batching large sync requests.