Add metadata for a service account (SA) when it performs an action.
Example:
A user updates a connector, and the payload YAML returns with full user details. An SA updates the same pipeline, and the YAML shows user: null
OPA cannot tell if an action is performed by a service account (the info that OPA sees shows "user: null"). This means that you need to add an exception to policies that bypasses restrictions if user==null, but then any service account can trivially bypass OPA.
There need to be enriched data fields that tell OPA whether the action is performed by a service account, and exactly which service account is performing it.
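
The bypass described above, sketched in Rego as an added example (not code from the original post or from any product). The input paths input.user and input.user.groups, the enriched fields input.principal.type and input.principal.id, and both allow-lists are assumptions made for illustration; the enriched fields are the ones this request asks for and do not exist in the payload today.

```rego
package connector_policy_example

import rego.v1

# Constructed allow-lists for the example.
allowed_groups := {"platform-admins"}
allowed_service_accounts := {"ci-deployer"}

user_in_allowed_group if {
	some group in input.user.groups
	group in allowed_groups
}

# --- Weak form: the workaround forced by "user: null" ---
# Service accounts arrive with user == null, so the rule has to skip null
# users. Every service account then passes, whichever one it is.
deny_weak contains msg if {
	input.user != null
	not user_in_allowed_group
	msg := "user is not in a group allowed to update connectors"
}

# --- Form made possible by enriched caller metadata (hypothetical fields) ---
deny_enriched contains msg if {
	input.principal.type == "USER"
	not user_in_allowed_group
	msg := "user is not in a group allowed to update connectors"
}

deny_enriched contains msg if {
	input.principal.type == "SERVICE_ACCOUNT"
	id := object.get(input.principal, "id", "")
	not id in allowed_service_accounts
	msg := sprintf("service account %q is not allowed to update connectors", [id])
}

# Fail closed: a missing or unknown caller type is denied instead of exempted.
known_principal_type if input.principal.type in {"USER", "SERVICE_ACCOUNT"}

deny_enriched contains msg if {
	not known_principal_type
	msg := "caller type is missing or unrecognised"
}
```

With the constructed input {"user": null}, deny_weak is empty, so the action is allowed, while deny_enriched reports a missing caller type until the payload identifies the service account.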