Decouple sync between a foreground and background reconciler

This foreground/background separation is necessary because it takes too long to refresh status with each reconciliation (controller default SyncPeriod is 10h, and re-sync all ApplicationRegistration on webeos cluster with 5k ApplicationRegistration would take >20m during which time site creation from webservices portal fails, because it times out waiting for ApplicationRegistration to be Created - cf. INC3490535).

We went with 2 instances of the ApplicationRegistrationReconciler operating in different modes, rather than 2 separate controllers, to allow the foreground/background separation while minimizing changes to the existing logic.

I plan to proceed like this:

• once this is merged I will upgrade the operator-sdk (which needs to move lots of files, so won't do it until this MR is merged - in case changes are needed)
• only after upgrading the SDK and removing the For watch of the background reconciler, I'll perform perf tests with several k projects on a dev cluster
• then create a MR on okd4-install to deploy the new version of the authz operator. the okd4-install MR will need
  • small update to the Project templates to explicitly set the delete-app-from-authz-api finalizer explicitly on new ApplicationRegistration
  • and for existing ApplicationRegistration, I will write post-deployment actions to update existing finalizers