Add missing namespace creation for pomerium (#3099)

* Add missing namespace creation for pomerium

The namespace for pomerium is not created during the walkthrough so running the command to create the tls secret fails.

``` bash
% kubectl create secret tls pomerium-tls-ca --namespace=pomerium \
--cert="$(mkcert -CAROOT)/rootCA.pem" --key="$(mkcert -CAROOT)/rootCA-key.pem"
error: failed to create secret namespaces "pomerium" not found
```
This PR adds the creation of the namespace before running the tls secret command.

* move namespace creation cmd to prereqs

Co-authored-by: alexfornuto <afornuto@pomerium.com>

docs/docs/k8s/helm.md

@@ -19,7 +19,7 @@ This quick-start will show you how to deploy Pomerium with [Helm] on [Kubernetes
    - Export the configuration file from your Kubernetes host and export it to your `KUBECONFIG` environment variable (usually by placing it in `~/.kube`).
 
      See [Organizing Cluster Access Using kubeconfig Files] for more information.
-   - A namespace in the cluster for Pomerium. This document assumes the namespace `pomerium`.
+   - A namespace in the cluster for Pomerium. This document assumes the namespace `pomerium`, which you can create with `kubectl create namespace pomerium`.
 - A configured [identity provider].
 - A domain space. The steps below use `*.localhost.pomerium.io` as a placeholder value. We have set DNS records for this domain space to point to `127.0.0.1` (localhost), so you can use this domain space when testing Pomerium locally.
 - [TLS certificates]. If you don't yet have a production environment with trusted certificates, this page will cover using [mkcert] to create locally trusted certificates, and [cert-manager] to manage them in the cluster.