Add templates for wait jobs

As part of big-bang&237 (closed), we are looking to add post-install/post-upgrade hooks to a number of packages in BigBang. To reduce duplication across projects, the templates should be stored in a common location.

This example from argocd should be very close to what we should be implementing for this epic. The template should:

• Create a pod, role, rolebinding, and serviceaccount
• Be compliant with existing kyverno-policies
• Use an approved image registry1/kubectl?
• Trigger resource creation on post-upgrade and post-install
• Ensure that the hook is applied last, after all other hooks (if any)
• Delete all resources after every run, regardless of result
• All resources should be conditional (you can disable/enable their creation)