fix deadlock of api-server resources when watch

[freeznet]

(If this PR fixes a github issue, please add Fixes #<xyz>.)

Fixes #

(or if this PR is one task of a github issue, please add Master Issue: #<xyz> to link to the master issue.)

Master Issue: #

Motivation

Explain here the context, and why you're making that change. What is the problem you're trying to solve.

Modifications

Describe the modifications you've done.

Verifying this change

• Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

• Added integration tests for end-to-end deployment with large payloads (10MB)
• Extended integration test for recovery after broker failure

Documentation

Check the box below.

Need to update docs?

• doc-required

  (If you need help on updating docs, create a doc issue)

• no-need-doc

  (Please explain why)

• doc

  (If this PR contains doc changes)

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull Request Overview

This PR removes custom watch loops to prevent deadlocks, unifies finalizer handling with controllerutil, refactors RSA key workflows into a shared pkg/crypto module, and updates CRDs and tooling configs.

• Eliminate watcher maps and goroutines in all controllers; use predicate filters and controllerutil finalizers instead
• Move RSA key generation/export into pkg/crypto and adapt apikey_client to use Spec.EncryptionKey
• Extend CRDs (exportPlaintextToken, tlsAllowInsecureConnection) and update .licenserc.yaml

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/streamnativecloud/apikey_client.go	Drop internal key gen, convert Spec.EncryptionKey directly
pkg/crypto/rsa.go	Change PEM block Type from "RSA PUBLIC KEY" to "PUBLIC KEY"
controllers/workspace_controller.go	Remove watch logic, switch to controllerutil finalizers and predicate filter
controllers/serviceaccountbinding_controller.go	Remove watcher code, add readiness check, unify finalizer API
controllers/serviceaccount_controller.go	Eliminate watches, update finalizer handling and status/logging
controllers/secret_controller.go	Simplify data resolution, remove watchers, update CR with SecretRef
controllers/flinkdeployment_controller.go	Remove custom watches, update finalizer and cloud client usage
controllers/apikey_controller.go	Refactor encryption flow, sync cloud status, remove watches, reshape finalizer and requeue logic
config/crd/bases/resource.streamnative.io_*.yaml	Add exportPlaintextToken and tlsAllowInsecureConnection fields
.licenserc.yaml	Include testbin/** in ignore patterns

Comments suppressed due to low confidence (2)

controllers/apikey_controller.go:118

• The alias controllers2 is not imported in this file, causing a compile failure. Add the appropriate import for the APIKey client package or update the alias to match existing imports.

apiKeyClient := controllers2.NewAPIKeyClient(apiConn, organization)

controllers/flinkdeployment_controller.go:112

• The alias controllers2 is not imported in this file, causing a compile error. Import the correct package (e.g., github.com/streamnative/pulsar-resources-operator/pkg/streamnativecloud as controllers2) or use the existing alias.

deploymentClient, err := controllers2.NewFlinkDeploymentClient(conn, apiConnResource.Spec.Organization)