Pass additional info in the mutation request to external data provider

[binbin-li]

Describe the solution you'd like
Ratify is implementing a namespaced-level multi-tenancy feature. We'd like to have both validation/mutation requests taking namespace and image to Ratify. We could easily support the validation case in the constraint template. But for mutation requests, seems we can only pass in the location value which is image in our use case since we don't actually mutate namespace. Wonder if any mutators could support users specify additional info besides the mutating fields.

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

• Gatekeeper version: 3.15.0
• Kubernetes version: (use kubectl version): 1.29.2

[sozercan]

I was talking to @binbin-li offline. Sounds like ratify is storing credentials to retrieve registry info (for updating tag->digest) as secrets, the additional namespace metadata will be used for the provider to find the secret in the applicable namespace.

@maxsmythe @ritazh wdyt? does it make sense to add an "additional metadata" type of field to external data for mutation?