Is your feature request related to a problem? Please describe.
So we have a CM that we insist (through the user of a Kyverno Policy) is mounted on every pod.
However, we don't have control of the annotations that developers add to their deployment.
So if developers add the annotation reloader.stakater.com/auto: "true", and then we change the ConfigMap, their pods all get restarted.

Which results in a disruption to their application, and downtime. (and, thus, cost -- yay)

Describe the solution you'd like
An annotation that can be added to ConfigMaps and Secrets so that they are explicitly ignored, regardless of what annotations are added by the developers.
(Maybe unless they explicitly include the CM)