[VC-43753] Collect creationTimestamp, deletionTimestamp and resourceVersion metadata for Secret and Route resources

[wallrj-cyberark]

The CyberArk Discovery and Context API team requested the creationTimestamp and resourceVersion for Secret resources.
I assume the TLSPK backend does not need this metadata, but it seems harmless to add it.
I also added deletionTimestamp, because I expect the CyberArk API will eventually want that too.
And I added these new metadata fields to the Route handling, for consistency.

Secret and Route are the only two resources where the fields are allow-listed.
All other resources are pushed to the backend in-full, including all the metadata fields.

I think it would be more consistent if we published the same metadata fields for all resources, and I've tried to express that in some new function comments.

For all resources there is some special case filtering for sensitive labels and annotations, removal of superfluous managed-fields and removal of large last-applied-configuration annotations.

Part of: https://venafi.atlassian.net/browse/VC-43753

Testing

You can see the extra fields that are collected as follows:

I collected two sample output files using code from master (before) and from this branch (after) and then diffed them

go run . agent \
  --install-namespace venafi \
  --api-token unused \
  --one-shot \
  --agent-config-file examples/one-shot-secret.yaml  \
  --output-path=before.json

$ diff -u <(jq -S < before.json ) <(jq -S < after.json)
--- /dev/fd/63  2025-08-19 16:37:14.249233168 +0100
+++ /dev/fd/62  2025-08-19 16:37:14.250233165 +0100
@@ -8,44 +8,7 @@
             "apiVersion": "v1",
             "kind": "Secret",
             "metadata": {
+              "creationTimestamp": "2025-08-15T13:11:55Z",
               "labels": {
                 "cert-manager.io/next-private-key": "true",
                 "controller.cert-manager.io/fao": "true"
@@ -62,6 +25,7 @@
                   "uid": "4f1f5a25-dfa8-40dd-bd97-4a652855ec31"
                 }
               ],
+              "resourceVersion": "959",
               "uid": "c629b2ed-409b-4ae1-938f-2e224a74031f"
             },
             "type": "Opaque"
@@ -79,20 +43,64 @@
               "annotations": {
                 "cert-manager.io/allow-direct-injection": "true"
               },
+              "creationTimestamp": "2025-08-15T13:11:29Z",
               "labels": {
                 "app.kubernetes.io/managed-by": "cert-manager-webhook"
               },
               "name": "cert-manager-webhook-ca",
               "namespace": "cert-manager",
+              "resourceVersion": "748",
               "uid": "e11953ff-fbd0-4a68-8dc3-95f3a9dd1087"
             },
             "type": "Opaque"
           }
+        },
    "data-gatherer": "k8s/secrets",
     "schema_version": "v2.0.0",
-    "timestamp": "2025-08-19T16:34:41+01:00"
+    "timestamp": "2025-08-19T16:34:13+01:00"
   }
 ]

[SgtCoDFish]

/lgtm
/approve

Love the extra comments!