feat(k8s): add a configuration option to list allowed service accounts #6505

Merged

@slonka slonka commented Apr 11, 2023

Add a configuration option to list allowed service accounts for ValidatingAdmissionWebhook. This is needed for storageversionmigrator, which creates modification requests (that actually don't modify anything from the user's perspective: "...gets the object, then writes it back to the API server without modification.").

fixes #6504

Tested locally with KUMA_RUNTIME_KUBERNETES_ALLOWED_SERVICE_ACCOUNTS=system:serviceaccount:kube-system:default and it works, storageversionmigrator stopped spinning and got:


I0411 09:35:51.902047       1 kubemigrator.go:127] meshes.kuma.io-tdj5q: migration succeeded
I0411 09:35:52.912257       1 kubemigrator.go:110] priorityclasses.scheduling.k8s.io-492zv: migration running
I0411 09:35:52.947596       1 kubemigrator.go:127] priorityclasses.scheduling.k8s.io-492zv: migration succeeded
...

Checklist prior to review

  • Link to relevant issue as well as docs and UI issues --
  • This will not break child repos: it doesn't hardcode values (e.g. "kumahq" as an image registry) and it will work on Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS --
  • Tests (Unit test, E2E tests, manual test on universal and k8s) --
  • Do you need to update UPGRADE.md? --
  • Does it need to be backported according to the backporting policy? -- not sure?
  • Do you need to explicitly set a > Changelog: entry here or add a ci/ label to run fewer/more tests?
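
An allow-list check of the kind this PR describes, as an added example that is not part of the PR and not Kuma's code. `ParseAllowed` and `IsAllowed` are hypothetical names, and the comma-separated format of the environment variable value is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Every Kubernetes service account authenticates under this username prefix.
const saPrefix = "system:serviceaccount:"

// ParseAllowed (hypothetical) splits a comma-separated value (assumed format)
// and accepts only system:serviceaccount:<namespace>:<name> entries.
func ParseAllowed(raw string) (map[string]struct{}, error) {
	allowed := map[string]struct{}{}
	for _, entry := range strings.Split(raw, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue
		}
		parts := strings.Split(strings.TrimPrefix(entry, saPrefix), ":")
		if !strings.HasPrefix(entry, saPrefix) || len(parts) != 2 || parts[0] == "" || parts[1] == "" {
			return nil, fmt.Errorf("not a service account username: %q", entry)
		}
		allowed[entry] = struct{}{}
	}
	return allowed, nil
}

// IsAllowed (hypothetical) matches the authenticated username from the
// admission request exactly, never by prefix or by namespace alone.
func IsAllowed(allowed map[string]struct{}, username string) bool {
	_, ok := allowed[username]
	return ok
}

func main() {
	// Constructed sample: the value tested in the PR description.
	allowed, err := ParseAllowed("system:serviceaccount:kube-system:default")
	if err != nil {
		panic(err)
	}
	users := []string{ // constructed usernames
		"system:serviceaccount:kube-system:default", "system:serviceaccount:kube-system:default-extra",
		"system:serviceaccount:default:default", "kubernetes-admin",
	}
	for _, u := range users {
		fmt.Printf("%-50s allowed=%v\n", u, IsAllowed(allowed, u))
	}
}
```

`system:serviceaccount:kube-system:default` is the identity of every pod in `kube-system` that does not set its own service account, so listing it covers more than storageversionmigrator.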

…s for ValidatingAdmissionWebhook

Signed-off-by: slonka <slonka@users.noreply.github.com>
@slonka slonka marked this pull request as ready for review April 11, 2023 07:51
@slonka slonka requested review from a team, michaelbeaumont, Automaat and lukidzi and removed request for a team and michaelbeaumont April 11, 2023 07:51
@slonka slonka merged commit bec905a into kumahq:release-2.2 Apr 11, 2023

slonka commented Apr 12, 2023

@lahabana should I backport this to all active releases? It doesn't panic / crash or hang but it does spin consuming a lot of CPU.

@lahabana

I'd do without
