Better security

Currently the Operator can reference secrets in other namespaces via secretRef, which may enable namespace-scoped users to access secrets in their unauthorized namespaces. Perhaps it's better to limit reference in the same namespace or use webhook for authorization.