feat(webhook): add mutating webhook support for resource modification

[AKonnyaku]

The current implementation only supports validating webhooks for request rejection. So, we should:

• first, introduce a mutating webhook configuration to intercept and modify requests before validation;
• then, extend the casbin enforcer to return patch operations alongside allow/deny decisions;
• implement json patch generation for common mutations like sidecar injection or resource limits;
• update the crd to support defining mutation rules within policy definitions;
• it enables automatic resource compliance and removes the necessity for manual user intervention.