Fix ServiceMonitor RBAC for authenticated metrics endpoints

[anik120]

Add /metrics nonResourceURL permission to allow Prometheus in OCP to access authenticated metrics without HTTP 500 errors.

Description of the change:

Motivation for the change:

Architectural changes:

Testing remarks:

Reviewer Checklist

• Implementation matches the proposed design, or proposal is updated to match implementation
• Sufficient unit test coverage
• Sufficient end-to-end test coverage
• Bug fixes are accompanied by regression test(s)
• e2e tests and flake fixes are accompanied evidence of flake testing, e.g. executing the test 100(0) times
• tech debt/todo is accompanied by issue link(s) in comments in the surrounding code
• Tests are comprehensible, e.g. Ginkgo DSL is being used appropriately
• Docs updated or added to /doc
• Commit messages sensible and descriptive
• Tests marked as [FLAKE] are truly flaky and have an issue
• Code is properly formatted

[anik120]

Fyi I've been trying to test this change downstream here, but getting an openshift cluster today has been a challenge (due to limited shared cluster availability)

[anik120]

/hold

I have to fix something

[anik120]

/hold cancel

[anik120]

Fyi for reviewers:

I've added another commit that skips the metrics e2e tests for now. They were using a very hacky (pod proxy) method to fetch the metrics, which doesn't work anymore in Openshift since the metrics endpoints are secure by default in Openshift.

I have to redesign the test suite structure to work with the authentication mechanism, which I plan on doing soon after as a follow up

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: grokspawn

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [grokspawn]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment