Argo-cd: Openshift and label kubectl.kubernetes.io/last-applied-configuration cause unwanted resource to be tracked

If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a
question in argocd slack channel.

Checklist:

• [X] I've searched in the docs and FAQ for my answer: http://bit.ly/argocd-faq.
• [X] I've included steps to reproduce the bug.
• [X] I've pasted the output of argocd version.

Describe the bug

The following is a config map on openshift holding list of users:
oc get secret htpass-secret -n openshift-config

When I added that configmap to my argo cd git repo and synced it with the app.kubernetes.io/instance label , it immediately became outofsync and then argo cd added a new strange resource in the GUI - appears to be some openshift operator that does magic behind the scenes.
The new resource was:

kind: Secret
  name: v4-0-config-user-idp-0-file-data
  namespace: openshift-authentication

It also has a field:

metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |

Which in turn holds all the YAML for the htpass-secret resource including the app.kubernetes.io/instance which I guess is why Argo CD started to track it.
Checked and the new resource does not have a ownerReference field set.

How do I get rid of the unwanted resource?
Can I exclude type secret, namespace openshift-authentication, name: v4-0-config-user-idp-0-file-data somehow?

To Reproduce

On openshift:

• oc get secret htpass-secret -n openshift-config >htpass-secret.yaml
  Example:

apiVersion: v1
data:
  htpasswd: xxxxxxxxxxxxxxxxxxxxx
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"htpasswd":"xxxxxxxxxxxxxx"},"kind":"Secret","metadata":"labels":{"app.kubernetes.io/instance":"test"},"name":"htpass-secret","namespace":"openshift-config"},"type":"Opaque"}
  creationTimestamp: "2020-01-27T14:12:42Z"
  labels:
    app.kubernetes.io/instance: test
  name: htpass-secret
  namespace: openshift-config
  resourceVersion: "251416039"
  selfLink: /api/v1/namespaces/openshift-config/secrets/htpass-secret
  uid: 0e5b55d6-b681-46fd-82e7-788627275bd9
type: Opaque

• clean up unwanted fields in htpass-secret.yaml
• add htpass-secret.yaml to git repo
• sync git repo with argo cd
  A new resource will be added to Argo CD GUI as unsynced:

apiVersion: v1  
data:   
  htpasswd: ++++++++    
kind: Secret    
metadata:   
  annotations:  
    kubectl.kubernetes.io/last-applied-configuration: >-    
      {"apiVersion":"v1","data":{"htpasswd":"++++++++"},"kind":"Secret","metadata":"labels":{"app.kubernetes.io/instance":"test"},"name":"htpass-secret","namespace":"openshift-config"},"type":"Opaque"}   
  labels:   
    app.kubernetes.io/instance: test    
  name: v4-0-config-user-idp-0-file-data    
  namespace: openshift-authentication   
  resourceVersion: '251416040'  
  selfLink: >-  
    /api/v1/namespaces/openshift-authentication/secrets/v4-0-config-user-idp-0-file-data    
  uid: bbb7486e-ee94-4fc7-ab5a-ee3ea477861e 
type: Opaque

Expected behavior

Only the specific resource should be tracked

Screenshots

If applicable, add screenshots to help explain your problem.

Version

argocd: v1.5.7+e7d1553
  BuildDate: 2020-06-09T18:13:05Z
  GitCommit: e7d1553cfc10e059acd39914a35ed3450eab7574
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64
argocd-server: v1.5.5+0fdef48
  BuildDate: 2020-05-16T04:04:43Z
  GitCommit: 0fdef4861e12026e133224f7c9413072340e2983
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64
  Ksonnet Version: v0.13.1
  Kustomize Version: {Version:kustomize/v3.5.4 GitCommit:3af514fa9f85430f0c1557c4a0291e62112ab026 BuildDate:2020-01-11T03:12:59Z GoOs:linux GoArch:amd64}
  Helm Version: version.BuildInfo{Version:"v3.2.0", GitCommit:"e11b7ce3b12db2941e90399e874513fbd24bcb71", GitTreeState:"clean", GoVersion:"go1.13.10"}
  Kubectl Version: v1.14.0.

Logs

-