@fuskovic fuskovic commented Nov 24, 2025

Deprecates GLOBAL_CREDENTIALS_NAMESPACES in favor of new SHARED_RESOURCES_NAMESPACE.

Related to: #4778

@fuskovic fuskovic self-assigned this Nov 24, 2025
@fuskovic fuskovic requested a review from a team as a code owner November 24, 2025 20:12
@fuskovic fuskovic added labels Nov 24, 2025:
- area/security: Has security implications and needs to be handled with great caution
- kind/refactor: Non-functional changes to implementation details
- area/chart: Affects the Helm chart

netlify bot commented Nov 24, 2025

Deploy Preview for docs-kargo-io ready!

| Name | Link |
| --- | --- |
| 🔨 Latest commit | 4e7ba0d |
| 🔍 Latest deploy log | https://app.netlify.com/projects/docs-kargo-io/deploys/69303afe29a35b0008506248 |
| 😎 Deploy Preview | https://deploy-preview-5428.docs.kargo.io |

Signed-off-by: fuskovic <[email protected]>
codecov bot commented Nov 24, 2025

Codecov Report

❌ Patch coverage is 90.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.09%. Comparing base (9c26b96) to head (4e7ba0d).
⚠️ Report is 14 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| pkg/credentials/kubernetes/database.go | 90.00% | 2 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5428      +/-   ##
==========================================
- Coverage   56.12%   55.09%   -1.03%     
==========================================
  Files         411      426      +15     
  Lines       30058    31536    +1478     
==========================================
+ Hits        16871    17376     +505     
- Misses      12213    13159     +946     
- Partials      974     1001      +27     

Signed-off-by: fuskovic <[email protected]>
@fuskovic fuskovic marked this pull request as draft November 25, 2025 12:13
Signed-off-by: fuskovic <[email protected]>
@fuskovic fuskovic requested a review from hiddeco November 25, 2025 13:32
@fuskovic fuskovic marked this pull request as ready for review November 25, 2025 13:33
@krancour
Member

Even though what @fuskovic is doing in this PR is 100% in line with what I'd proposed in #4778, I am having some second thoughts.

The "global credentials namespaces" supported credential lookup by type + URL rather than by direct reference. The corollary to that was that these credentials essentially became ambient. Developers working within individual projects did not actually have any way of seeing the credentials. That was deliberate; however, taking #4777 into account, it seems we are on the verge of making these credentials directly accessible by developers and I think that weakens Kargo's security posture quite a bit.

None of this is to say that we don't need to do something about #4778. There is very clearly confusion between "global credentials namespaces" and "cluster secrets namespace." I do not find it confusing, personally, but I do see a litany of other reasons to rethink how it all works now.

I think it would be foolish for us to charge ahead with these changes without stopping for a group sanity check, so imho, we should put a pin in this and thunderdome it after Thanksgiving.

Signed-off-by: fuskovic <[email protected]>