Description

It would be awesome to see the results of policy-controller admissions recorded on affected objects.

There's a great example from Tekton Chains where they record helpful metadata:

kubectl get tr [TASKRUN_NAME] -o json | jq -r .metadata.annotations

{
  "chains.tekton.dev/signed": "true",
  ...
}

The things that seem most useful to me from the policy-controller side would be an annotation referencing the admitting or denying policy, the status, and ideally, enough details to understand the reasoning behind the policy decision.