[Bug] TrustedExecutionCluster should reject duplicate instances at admission time #225

@yalzhang

To reproduce:
Create the second TrustedExecutionCluster CR; it is not rejected:

$ oc apply -f cluster_2.yaml 
trustedexecutioncluster.trusted-execution-clusters.io/conf-cluster2 created
$ oc get  trustedexecutioncluster 
NAME            AGE
conf-cluster    115s
conf-cluster2   14s

Check the status; the 2nd one is not installed successfully:

$ oc get  trustedexecutioncluster  conf-cluster2  -o yaml
...
status:
  conditions:
  - lastTransitionTime: "2026-03-27T08:38:33Z"
    message: ""
    observedGeneration: 1
    reason: AddressFound
    status: "True"
    type: KnownTrusteeAddress
  - lastTransitionTime: "2026-03-27T08:38:33Z"
    message: Another TrustedExecutionCluster definition was detected. Only one at
      a time is supported.
    observedGeneration: 1
    reason: NonUnique
    status: "False"
    type: Installed

Current behavior:

  • Second TrustedExecutionCluster is created successfully
  • Only fails at reconciliation (status shows NonUnique)
  • No visible indication in oc get output
  • The operator continuously shows errors

Expected behavior:

  • Admission webhook rejects duplicate with clear error
    $ oc apply -f conf-cluster2.yaml
    Error from server (Forbidden): admission webhook denied the request:
    Only one TrustedExecutionCluster per namespace is allowed.
    Existing instance: conf-cluster
  • OR at minimum: add printer columns to show status, like
    $ oc get trustedexecutioncluster
    NAME            STATUS         REASON
    conf-cluster    Installed      InstallationCompleted
    conf-cluster2   NotInstalled   NonUnique
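
The admission-time rejection requested above, as an added example that is not part of the original issue or the operator's code: the decision a validating webhook could make for an AdmissionReview request. The function names, the per-namespace listing passed in as existing_names, and the sample request are assumptions; the CR version is left out because the issue does not state it.

```python
"""Admission decision for duplicate TrustedExecutionCluster objects (added example)."""

KIND = "TrustedExecutionCluster"


def review(admission_review, existing_names):
    """Return the AdmissionReview response for one request.

    existing_names: names of TrustedExecutionCluster objects already present
    in the request's namespace (assumed to be listed by the caller).
    """
    req = admission_review["request"]
    response = {"uid": req["uid"], "allowed": True}
    # request.name is empty on CREATE when generateName is used.
    name = req.get("name") or req["object"]["metadata"].get("name", "")
    others = sorted(n for n in existing_names if n != name)
    # Only a CREATE can introduce a duplicate. UPDATE and DELETE must stay
    # allowed so that an existing instance (or a stray duplicate) can be fixed.
    if req["kind"]["kind"] == KIND and req["operation"] == "CREATE" and others:
        response["allowed"] = False
        response["status"] = {
            "code": 403,
            "reason": "Forbidden",
            "message": (
                f"Only one {KIND} per namespace is allowed. "
                f"Existing instance: {others[0]}"
            ),
        }
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "response": response,
    }


def make_request(operation, name, uid="constructed-uid"):
    """Constructed sample AdmissionReview request, not captured traffic."""
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": uid,
            "operation": operation,
            "kind": {"group": "trusted-execution-clusters.io", "kind": KIND},
            "namespace": "constructed-namespace",
            "name": name,
            "object": {"metadata": {"name": name}},
        },
    }
```

Listing and then deciding is not atomic, so two concurrent CREATE requests can both be admitted; the reconcile-time NonUnique condition remains the backstop.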
