Define reserved taint prefix conventions for avoiding core conflicts

[ajaysundark]

Context

As this project matures, there's potential for some patterns to be adopted into Kubernetes core. We should establish reserved taint prefix conventions now to avoid breaking changes later.

Currently users can use ANY taint key prefix - there's no enforcement of naming conventions.

Proposed Change

• Restrict users to use only taint key prefix under readiness.k8s.io/*

• Reserve certain taint key prefixes that have potential conflicts:

Forbid below reserved prefixes for readiness taints:

• readiness.k8s.io/system/*
• readiness.k8s.io/core/*
• readiness.k8s.io/node/*
• readiness.k8s.io/device/*
• readiness.k8s.io/network/*
• readiness.k8s.io/storage/*
• node.kubernetes.io/readiness-*

User-space prefix (allowed):

• readiness.k8s.io/* (excluding reserved subpaths above)

Changes required

1. Add a CRD validation for enforcing pattern for TaintSpec.key
2. Add validation in the admission webhook to reject rules using reserved prefixes
3. Document reserved prefixes in project README and API documentation
4. Update examples to follow the conventions

[ajaysundark]

cc @Karthik-K-N who is exploring the Validation Webhook scope.