
[Bug] Credentials DB password should not update

Open tthvo opened this issue 2 years ago • 1 comments

How about this idea to guard against the user breaking their credentials DB by destroying the password?

  1. If the CR doesn't have a defined DatabaseSecretName, create the default secret with a generated password
  2. When creating the deployment, check whether the default secret exists.
    • If it does, then the CR initially had no custom secret and the credentials DB would have been created with the generated password.
    • If it doesn't, then check if DatabaseSecretName has been set (it should), and use that.
    • If for some reason the DatabaseSecretName is not set, then the password has been lost. Likely due to the user deleting the default secret. We could emit an Event here.

Originally posted by @ebaron in https://github.com/cryostatio/cryostat-operator/pull/474#pullrequestreview-1142820938

tthvo avatar Oct 14 '22 18:10 tthvo

From https://github.com/cryostatio/cryostat-operator/pull/474#issuecomment-1279347320:

Just a question: What about the case where the user switches from a custom secret to the default one? The default secret will take its place and still make Cryostat fail, right?

True, that would be harder to detect. How about this idea instead? We add a Status.DatabaseSecret to the CRD. We write to this field once, which will be the canonical database secret for the lifetime of that Cryostat. We could do this by comparing against the existing value of the field and only setting it when nil. Then the secret referenced here would be what the Deployment uses.

ebaron avatar Oct 14 '22 19:10 ebaron
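
The write-once `Status.DatabaseSecret` idea from the comment above, sketched as an added example; this is not code from the cryostat-operator repository. The struct types, the `ResolveDatabaseSecret` helper, the `-db` default secret naming and the sample values are all assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the Cryostat CR's spec and status.
type CryostatSpec struct {
	DatabaseSecretName *string // optional custom secret chosen by the user
}
type CryostatStatus struct {
	DatabaseSecret *string // proposed write-once field; nil until first reconcile
}
type Cryostat struct {
	Name   string
	Spec   CryostatSpec
	Status CryostatStatus
}

// defaultSecretName is an assumed naming scheme for the generated secret.
func defaultSecretName(cr *Cryostat) string { return cr.Name + "-db" }

// desiredSecret is the secret the spec currently asks for.
func desiredSecret(cr *Cryostat) string {
	if cr.Spec.DatabaseSecretName != nil {
		return *cr.Spec.DatabaseSecretName
	}
	return defaultSecretName(cr)
}

// ResolveDatabaseSecret returns the secret the Deployment should use.
// The choice is recorded in Status only while the field is nil; afterwards
// the pinned value wins, and drift is true when the spec points elsewhere
// (a condition the operator could surface, for example as an Event).
func ResolveDatabaseSecret(cr *Cryostat) (name string, drift bool) {
	want := desiredSecret(cr)
	if cr.Status.DatabaseSecret == nil {
		cr.Status.DatabaseSecret = &want
		return want, false
	}
	pinned := *cr.Status.DatabaseSecret
	return pinned, pinned != want
}

func main() {
	custom := "my-db-secret" // constructed sample value
	cr := &Cryostat{Name: "cryostat-sample", Spec: CryostatSpec{DatabaseSecretName: &custom}}
	fmt.Println(ResolveDatabaseSecret(cr)) // first reconcile pins the custom secret
	cr.Spec.DatabaseSecretName = nil       // user later switches to the default
	fmt.Println(ResolveDatabaseSecret(cr)) // pinned secret is kept, drift reported
}
```
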