Add workspace domain label to Kubernetes resources owned by workspaces

MR: Pending

Description

Workspace resources generated by rails and forwarded to the agent do not have any distinguishing labels on them. Labels have semantic meaning in Kubernetes and can be used for filtering, grouping, monitoring etc.

There exists an annotation however that is tied to all workspace resources for a particular workspace workspaces.gitlab.com/id. Maybe we can port this annotation to a label while generating the resource configs on the rails side. We should make sure no entity depends on this annotation and if someone does, evaluate removing the dependency.

We should also apply this label to resources that are generated for a workspace on the agent side (e.g. namespaces, secrets). This might entail explicitly forwarding the workspaces' ID from rails, or somehow parsing the incoming config object and extracting the label we expect to have been set on rails on a rails-generated config (workspaces.gitlab.com/id)

Acceptance Criteria

• make workspaces.gitlab.com/id a label instead of annotation safely (evaluate risks of this change and discuss if unfeasible)
• apply that label on all resources generated for a workspace
• apply that label on the agent side to resources generated for the workspace by the agent