Challenge with adding ServiceAccount to all my pods for AuthorizationPolicy

If I want to add istio service to service access control in my cluster by defining AuthorizationPolicy for each micro-service. I need to define a service account per deployment to allow traffic from that pod. It may sound reasonable, but it can be painful if I have hundreds of deployments. Similar pain can be a simple change of pod limit to all my deployments in such a cluster

Are there tools that help me to do so? manage my deployments \ services \ daemon sets into higher level meaningful “micro-service” \ “application” \ “workload” ?

Of course, I can structure my Helm charts to have generic “workload” base charts, but I wonder if there are open-source or proprietary tools for that.