Attempt to use CEL preconditions in Kyverno policies matching widely used objects

Summary

We've started using CEL preconditions in !2144 (merged) to address #1190 (closed). This should be generalized, if possible, to policies that match frequently used/updated resources.

If we look at the Kyverno admission controller log, we can observe that these policies are the most often processed:

  • disallow-default-namespace
  • disallow-latest-and-main-tag
  • pdb-minavailable-check

(The first two have an even higher match rate, as they match pods.)

If it is possible, we should try to use CEL preconditions for these policies.

Edited Aug 19, 2024 by Thomas Morin