Currently, in clusters where Cilium is deployed, changing the namespace label will instantly generate a number of ciliumidentity when the namespace have many pod who's label is different.
After these ciliumidentity events are pushed to the API server, they are fully distributed to each node.
These ciliumidentity changes will result in a large number of ciliumendpoint update events.
Therefore, when there are many pods who's lable is different in a namespace and the cluster has a large number of nodes, changing the namespace label can easily cause significant pressure on the API server and, under extreme circumstances, may lead to the API server crashing.

1. In this patch, when modifying the namespace label, we delay the invocation of the CiliumIdentity change event by a random amount of time to alleviate pressure on the API server.
2. The maximum delay time can be configured via the cilium-config ConfigMap.
3. Modifying the namespace label is a relatively infrequent operation, so we believe that a delay should be acceptable in most cases.

Please ensure your pull request adheres to the following guidelines:

• For first time contributors, read Submitting a pull request
• All code is covered by unit and/or runtime tests where feasible.
• All commits contain a well written commit description including a title,
  description and a Fixes: #XXX line if the commit addresses a particular
  GitHub issue.
• If your commit description contains a Fixes: <commit-id> tag, then
  please add the commit author[s] as reviewer[s] to this issue.
• All commits are signed off. See the section Developer’s Certificate of Origin
• Provide a title or release-note blurb suitable for the release notes.
• Are you a user of Cilium? Please add yourself to the Users doc
• Thanks for contributing!

Fixes: #38030

A new option `--identity-max-jitter` adds a random delay to when Cilium reacts to namespace label updates. This jitter is intended to improve kube-apiserver resource usage at high scale.