Add support in Quay Bridge Operator to create and bind Quay robot account credentials to a customizable service account (defaulting to builder, but optionally pipeline or any user-defined SA).

[singha200]

In CI/CD setups using OpenShift Pipelines, the pipeline ServiceAccount is the default SA used by PipelineRuns.

Quay Bridge Operator currently only configures the builder SA to push images to quay, which is primarily used by BuildConfig/S2I, not Tekton.

• This forces users to either:
• Rebind secrets manually.
• Grant high-permission SCCs to builder, which may not be desirable.

Suggested Enhancements

• New ConfigMap/CR parameter to set the SA name (quay.targetServiceAccount: pipeline).
• Auto-bind Quay robot secret to that SA in the target namespace.
• Optionally generate imagePullSecrets or mount options.