[bug] AccessManagement allows to specify credentials, cluster and service template chains only from the namespace where the kcm controller installed

[Algeran]

Describe the bug
It's not possible to specify the source namespace of credentials or template chains. AccessManagement object has the cluster scope, but it takes into account only objects from the namespace where the kcm controller is installed:

1. condition that filters template chains: https://github.com/k0rdent/kcm/blob/main/internal/controller/accessmanagement_controller.go#L207-L208
2. condition that filters credentials: https://github.com/k0rdent/kcm/blob/main/internal/controller/accessmanagement_controller.go#L231-L232

This feature works only if users that create and test templates work in the kcm controller namespace.

To Reproduce
Steps to reproduce the behavior:

1. create separate namespace
2. create in the new namespace cluster template and cluster template chain
3. edit accessmanagement and add to the clusterTemplateChains field the chain name from the new namespace (same if you add in format <namespace>/<template-chain-name>)
4. controller logs have errors:

   2025-01-30T13:56:17Z    ERROR   Reconciler error        {"controller": "accessmanagement", "controllerGroup": "k0rdent.mirantis.com", "controllerKind": "AccessManagement", "AccessManagement": {"name":"kcm"}, "namespace": "", "name": "kcm", "reconcileID": "7e66b58b-87e9-487a-9b4e-71c5a8d635b6", "error": "ClusterTemplateChain kcm-system/custom-aws-standalone-cp-0-0-5 is not found"}
   

Expected behavior
It should be possible to specify in the AccessManagement the source namespace for cluster/service template chains and credentials.