We should add a validating webhook to ensure the peer key is a known key for the cluster. We find that some teams have deployed lockboxes for one cluster into another, and are surprised when their secrets are not created. We should prevent this by returning an error during deployment.