This repository has been archived by the owner on Jan 21, 2021. It is now read-only.

The team flux causes lots of 403 error events in the audit log #16

Open
dewe opened this issue Jun 17, 2020 · 0 comments

Comments


dewe commented Jun 17, 2020

Each time a namespaced team flux is running its sync it gets a bunch of 403 Forbidden from the API, cluttering the audit log with

{
    "kind": "Event",
    "apiVersion": "audit.k8s.io/v1",
    "level": "Metadata",
    "auditID": "20162fc3-bb05-458f-906e-8c3eb60f04a1",
    "stage": "ResponseComplete",
    "requestURI": "/apis/crd.k8s.amazonaws.com/v1alpha1/eniconfigs?labelSelector=fluxcd.io%2Fsync-gc-mark",
    "verb": "list",
    "user": {
        "username": "system:serviceaccount:team1:flux",
        "uid": "9b41e074-5dec-11ea-a627-06ab94fdafa0",
        "groups": [
            "system:serviceaccounts",
            "system:serviceaccounts:team1",
            "system:authenticated"
        ]
    },
    "sourceIPs": [
        "10.41.72.187"
    ],
    "userAgent": "fluxd/v0.0.0 (linux/amd64) kubernetes/$Format",
    "objectRef": {
        "resource": "eniconfigs",
        "apiGroup": "crd.k8s.amazonaws.com",
        "apiVersion": "v1alpha1"
    },
    "responseStatus": {
        "metadata": {},
        "status": "Failure",
        "reason": "Forbidden",
        "code": 403
    },
    "requestReceivedTimestamp": "2020-06-17T13:36:10.116307Z",
    "stageTimestamp": "2020-06-17T13:36:10.116387Z",
    "annotations": {
        "authorization.k8s.io/decision": "forbid",
        "authorization.k8s.io/reason": ""
    }
}

I guess it's rooted in the cluster role flux-readonly. Is there anything we can do to improve the situation, or even have flux not check stuff without having permission?
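The event quoted above is a single audit.k8s.io/v1 Event; the kube-apiserver JSON audit log writes one such object per line. The following is an added example, not code from the issue author or from the flux project: it scans such a log, counts every request that completed with HTTP 403 per identity, verb, API group and resource, and drafts the RBAC PolicyRule entries that would have satisfied one identity, for a human to review. The sample log is constructed; its first line is modelled on the quoted event, the rest are made up to show that allowed requests, other identities and unparsable lines are ignored. Two caveats a reviewer should keep in mind: the quoted request path carries no namespace segment, so it is a cluster-wide list that no namespaced Role can grant, only a ClusterRole bound through a ClusterRoleBinding; and every rule generated from a denial widens what that service account may do, so silencing the 403s this way trades audit noise for a larger grant to a team-scoped identity.

```python
"""Summarise kube-apiserver audit-log 403s and draft the RBAC rules behind them.

Added example, not part of the flux project or the issue. Assumes the audit log
is in JSON format with one audit.k8s.io/v1 Event per line.
"""
import json
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

FLUX = "system:serviceaccount:team1:flux"  # identity from the quoted event


def _event(user, verb, group, resource, code, namespace=None):
    """Build a minimal audit Event line (constructed sample data, not a real log)."""
    ref = {"resource": resource}
    if group:  # core-group objects carry no apiGroup field in real events
        ref["apiGroup"] = group
    if namespace:
        ref["namespace"] = namespace
    return json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
        "verb": verb, "user": {"username": user}, "objectRef": ref,
        "responseStatus": {"code": code},
        "annotations": {"authorization.k8s.io/decision": "forbid" if code == 403 else "allow"},
    })


# Constructed sample log: line 1 mirrors the event in the issue, line 2 is the
# same denial on the next sync loop, the rest exercise the filtering below.
SAMPLE_AUDIT_LOG = "\n".join([
    _event(FLUX, "list", "crd.k8s.amazonaws.com", "eniconfigs", 403),
    _event(FLUX, "list", "crd.k8s.amazonaws.com", "eniconfigs", 403),
    _event(FLUX, "list", "", "nodes", 403),                               # core group, cluster-scoped
    _event(FLUX, "list", "apps", "deployments", 200, namespace="team1"),  # allowed, must be ignored
    _event("system:serviceaccount:team2:flux", "list", "", "nodes", 403),  # another identity
    "this line is not JSON and must be skipped",
])

RuleKey = Tuple[str, str, str, str]  # (username, verb, apiGroup, resource)


def forbidden_requests(lines: Iterable[str]) -> Counter:
    """Count completed requests refused with HTTP 403, keyed by
    (username, verb, apiGroup, resource). Blank or non-JSON lines, other
    stages and non-403 responses are skipped; a subresource is recorded as
    resource/subresource so it maps onto an RBAC rule directly."""
    counts: Counter = Counter()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if ev.get("kind") != "Event" or ev.get("stage") != "ResponseComplete":
            continue
        if ev.get("responseStatus", {}).get("code") != 403:
            continue
        ref = ev.get("objectRef") or {}
        resource = ref.get("resource", "")
        if ref.get("subresource"):
            resource = f"{resource}/{ref['subresource']}"
        key: RuleKey = (ev.get("user", {}).get("username", "<unknown>"),
                        ev.get("verb", ""), ref.get("apiGroup", ""), resource)
        counts[key] += 1
    return counts


def draft_policy_rules(counts: Counter, username: str) -> List[Dict[str, List[str]]]:
    """Turn one identity's refused requests into PolicyRule-shaped dicts
    (apiGroups/resources/verbs), one per API group and resource, sorted for
    stable review. This is a draft for a human, not a policy to apply: each
    rule widens what the identity may do, and rules on cluster-scoped or
    namespace-less list requests need a ClusterRole, not a Role."""
    verbs_by_target: Dict[Tuple[str, str], Set[str]] = {}
    for (user, verb, group, resource) in counts:
        if user != username or not resource:
            continue
        verbs_by_target.setdefault((group, resource), set()).add(verb)
    return [
        {"apiGroups": [group], "resources": [resource], "verbs": sorted(verbs)}
        for (group, resource), verbs in sorted(verbs_by_target.items())
    ]


if __name__ == "__main__":
    counts = forbidden_requests(SAMPLE_AUDIT_LOG.splitlines())
    for (user, verb, group, resource), n in counts.most_common():
        print(f"{n:4d}  {user}  {verb}  {group or 'core'}/{resource}")
    for rule in draft_policy_rules(counts, FLUX):
        print(rule)
```

To run it against a real cluster, pass the open audit log file instead of the sample, for example `forbidden_requests(open("/var/log/kubernetes/audit.log"))` (that path is an assumption; it depends on the `--audit-log-path` the API server was started with). The output of `draft_policy_rules` is deliberately data rather than a ready-made ClusterRole manifest, so that each proposed rule is looked at before it is bound to anything.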
