Allow to run with restricted pod security standards

[ramondeklein]

It's possible to enforce pod security standards by either adding labels or by configuring the built-in admission controller. There are three modes available: privileged (default), baseline and restricted. It looks like both the operator and tenants work in restricted mode, but it requires that all containerSecurityContext values need the following settings:

allowPrivilegeEscalation: false
capabilities:
  drop:
    - ALL
seccompProfile:
  type: RuntimeDefault

This setting can be found in the following places:

• operator.containerSecurityContext (Operator helm chart)
• console.containerSecurityContext (Operator helm chart)
• tenant.pools[*].containerSecurityContext (Tenant helm chart)

This PR adds these values to the Helm charts values.yaml files to ensure that the deployment/stateful-set is also allowed when pod security is set to restricted.

The console is also updated to ensure that it also deploys tenant resources with these values set. All CI/CD tests are updated so they run with the operator namespace in restricted mode.

[cniackz]

I have tested the changes, and I can deploy tenants and place objects with these values. This modification appears promising to me, especially when the pod-security.kubernetes.io/enforce=restricted label is utilized in the namespace.

[cniackz]

If the decommissioning test fails, I believe we can disregard this failure as it is not relevant. However, the improvements needed for the test itself should be addressed in a new PR.

[cniackz]

@ramondeklein approved but let's resolve conflicts

[cniackz]

Great, currently reviewing and testing!

[cniackz]

All good, just a minor change requested. And thank you for adding the test in the Helm chart.

[ramondeklein]

All good, just a minor change requested. And thank you for adding the test in the Helm chart.

Added newline, so review became stale...