Lovro Sviben

Similarly to the [comment](https://github.com/crossplane/crossplane-runtime/pull/864#issuecomment-3455370141) on adding the [Orphan management policy](https://github.com/crossplane/crossplane-runtime/pull/864), I am vary of adding new policies to the management policies except for the primitives we have. Adding `MustCreate` would...

Do we really need these changes, is it a standard now to set this value explicitly in ServiceAccounts? As its `true` by default, and IMO its something folks assume that...

> It is normal for organizations with policy engines like Gatekeeper to require it. Since Gatekeeper cannot distinguish between the defaulting being an intentional setting versus Kubernetes defaulting, it is...

> I attempted to run Crossplane with `automountServiceAccountToken: false`, but setting that for the service accounts causes containers to fail to start, since it needs access to the API server....

> Hey @negz, can you check out this PR if you have a minute? Coderabbit's suggestions look a bit weird. I think Coderabbit gave you both good suggestions. First simplifies...