Look into potential race condition with secret creation on first deploy

After changing to external secrets there's a potential race condition on the first deployment because the `deployment` and `externalsecret` are created at the same time, but the `deployment` requires a `secret` to be present. The service will eventually start but the deploy itself will fail.
Maybe create the external secret before the deployment and then wait on the secret to be created?