Allow pod for Terraform task to be created in controller namespace

[adriansuarez]

There does not seem to be any requirement for the pod that runs the Terraform commands to be in the same namespace as the Terraform CR. It would be good for the namespace of the resources created by the controller (pods, configmaps, secrets) to be configurable by the user between one of two modes -- (1) same namespace as Terraform kind and (2) same namespace as controller.

The second mode would allow the controller to be limited to its own namespace (with a Role instead of a ClusterRole; see https://github.com/GalleyBytes/helm-charts/issues/76) for all resources except the Terraform kind.

This is important in multi-tenant environments where organizations do not want to grant too much access to a particular service.