Restic: enable reduced mover permissions

[JohnStrunk]

Describe the feature you'd like to have.
It should be possible to run the restic mover both with its current elevated permissions as well as with normal user permissions

What is the value to the end user? (why is it a priority?)
Running as a normal user is sufficient for typical replication scenarios, and it improves the security of the cluster by not running Pods w/ elevated permissions in the user's Namespace.

How will we know we have a good solution? (acceptance criteria)

• Mover uses the flag provided by Support a Namespace annotation indicating elevated privileges are ok for movers #365 to determine how the mover pod should be invoked
• Mover container image is able to run as both a normal user (UID != 0) and as UID==0
• "Elevated permission" mode preserves permissions/uid/gid, etc. to the extent possible given restic
• "Normal permission" provides best-effort preservation of metadata

Additional context

• Depends on Support a Namespace annotation indicating elevated privileges are ok for movers #365
• Special attention to the restic cache volume may be necessary. In the case of OpenShift, the PVC will be automatically made accessible to the mover pod, but in vanilla kube, explicit setting of fsGroup or supplementalGroups may be necessary.

[JohnStrunk]

/assign