karmadactl: Add the reserved label karmada.io/system to resources created by the join command

[a7i]

What type of PR is this?

/kind feature

What this PR does / why we need it:
Follow-up to #3262

Adds the well-known "karmada.io/managed" label to resources created by karmada controllers

We need a way to bypass creation of some ClusterRole/Rolebindings by our OPA Gatekeeper and we don't have a consistent label to select on. When we join a cluster via push command, it creates ClusterRole/ClusterRoleBinding that are too open (* and *) which is by default blocked by our opa-gatekeeper policies. This allows us to bypass it by the karmada managed label.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

`karmadactl`: Add the reserved label `karmada.io/system` to resources created by the `join` command.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 70.73171% with 12 lines in your changes missing coverage. Please review.

Project coverage is 28.27%. Comparing base (a2e7828) to head (284dd27).

Files	Patch %	Lines
pkg/karmadactl/register/register.go	0.00%	12 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4620      +/-   ##
==========================================
+ Coverage   28.26%   28.27%   +0.01%     
==========================================
  Files         632      632              
  Lines       43589    43612      +23     
==========================================
+ Hits        12319    12332      +13     
- Misses      30372    30382      +10     
  Partials      898      898              

Flag	Coverage Δ
unittests	28.27% <70.73%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[grosser]

✨

[karmada-bot]

@chaunceyjiang: GitHub didn't allow me to request PR reviews from the following users: a7i.

Note that only karmada-io members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @a7i

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[XiShanYongYe-Chang]

Hi @chaunceyjiang, can you help take a review again?

[chaunceyjiang]

Thanks~

/LGTM

[chaunceyjiang]

/cc @XiShanYongYe-Chang PTAL.

[XiShanYongYe-Chang]

/lgtm
/cc @RainbowMango

[RainbowMango]

/assign
Another PR I missed :( :( I'll look at it ASAP.

[RainbowMango]

/lgtm
/approve

Forced pushed to solve conflicts and updated release-notes.

[karmada-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: grosser, RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/karmadactl/OWNERS [RainbowMango]
• pkg/util/OWNERS [RainbowMango]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[a7i]

@XiShanYongYe-Chang no rush, but should be ready for your review

[XiShanYongYe-Chang]

OK, thanks~
/retest

[XiShanYongYe-Chang]

Thanks~

[zhzhuang-zju]

/retest

[XiShanYongYe-Chang]

Thanks~
/lgtm

[zhzhuang-zju]

/lgtm
and failed e2e cases also rerun successfully~
cc @whitewindmills I observed that you added the /hold label earlier, please take a look at it again for any other comments? Note that once hold is canceled, pr will get merged since there is approve label

[RainbowMango]

/hold cancel