fix: Add Secret to ByObject label filter for defense-in-depth

Add Secret to the ByObject cache configuration with the same
operator-name label filter used for other core types. While no
controller currently creates a Secret informer, this prevents
an unfiltered cluster-wide Secret watch if one is added in the future.

Author: ugiordan

cmd/training-operator.v1/main.go

@@ -99,6 +99,7 @@ func newCacheOptions(namespace string) cache.Options {
 			&corev1.Pod{}:            operatorFilter,
 			&corev1.Service{}:        operatorFilter,
 			&corev1.ServiceAccount{}: operatorFilter,
+			&corev1.Secret{}:         operatorFilter,
 			&rbacv1.Role{}:           operatorFilter,
 			&rbacv1.RoleBinding{}:    operatorFilter,
 		},