Kong / charts

Helm chart for Kong
Apache License 2.0

fix: fix KongLicense policy rule when using watch namespaces #1084

Closed pmalek closed 3 months ago

pmalek commented 3 months ago

What this PR does / why we need it:

The KongLicense policy rule was incorrectly put into the Role instead of the ClusterRole, which causes KIC versions that have the KongLicense controller enabled (3.1+) to issue errors:

2024-06-11 12:34:02.215 W0611 10:34:02.215528       1 reflector.go:539] pkg/mod/k8s.io/client-go@v0.29.1/tools/cache/reflector.go:229: failed to list *v1alpha1.KongLicense: konglicenses.configuration.konghq.com is forbidden: User "system:serviceaccount:my-company:my-company-kong-kong" cannot list resource "konglicenses" in API group "configuration.konghq.com" at the cluster scope
2024-06-11 12:34:02.215 E0611 10:34:02.215585       1 reflector.go:147] pkg/mod/k8s.io/client-go@v0.29.1/tools/cache/reflector.go:229: Failed to watch *v1alpha1.KongLicense: failed to list *v1alpha1.KongLicense: konglicenses.configuration.konghq.com is forbidden: User "system:serviceaccount:my-company:my-company-kong-kong" cannot list resource "konglicenses" in API group "configuration.konghq.com" at the cluster scope
2024-06-11 12:34:25.289 W0611 10:34:25.288829       1 reflector.go:539] pkg/mod/k8s.io/client-go@v0.29.1/tools/cache/reflector.go:229: failed to list *v1alpha1.KongLicense: konglicenses.configuration.konghq.com is forbidden: User "system:serviceaccount:my-company:my-company-kong-kong" cannot list resource "konglicenses" in API group "configuration.konghq.com" at the cluster scope
2024-06-11 12:34:25.289 E0611 10:34:25.289209       1 reflector.go:147] pkg/mod/k8s.io/client-go@v0.29.1/tools/cache/reflector.go:229: Failed to watch *v1alpha1.KongLicense: failed to list *v1alpha1.KongLicense: konglicenses.configuration.konghq.com is forbidden: User "system:serviceaccount:my-company:my-company-kong-kong" cannot list resource "konglicenses" in API group "configuration.konghq.com" at the cluster scope
2024-06-11 12:35:07.165 W0611 10:35:07.165101       1 reflector.go:539] pkg/mod/k8s.io/client-go@v0.29.1/tools/cache/reflector.go:229: failed to list *v1alpha1.KongLicense: konglicenses.configuration.konghq.com is forbidden: User "system:serviceaccount:my-company:my-company-kong-kong" cannot list resource "konglicenses" in API group "configuration.konghq.com" at the cluster scope
2024-06-11 12:35:07.165 E0611 10:35:07.165594       1 reflector.go:147] pkg/mod/k8s.io/client-go@v0.29.1/tools/cache/reflector.go:229: Failed to watch *v1alpha1.KongLicense: failed to list *v1alpha1.KongLicense: konglicenses.configuration.konghq.com is forbidden: User "system:serviceaccount:my-company:my-company-kong-kong" cannot list resource "konglicenses" in API group "configuration.konghq.com" at the cluster scope

This only came out when used with watchNamespaces because without it the ClusterRole contains both sets of policy rules.

And also given the fact that KongLicense is cluster-scoped.

Which issue this PR fixes

Fixes #1083

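An added example, not part of the PR or the chart: a check over RBAC objects for the misconfiguration described above, where a rule for a cluster-scoped resource sits in a namespaced Role and therefore cannot authorize a list at the cluster scope. The object names, the sample JSON and the `CLUSTER_SCOPED` set are constructed assumptions.

```python
import json

# Constructed sample in the shape of `kubectl get roles,clusterroles -o json`,
# cut down to the fields read below. Object names are hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Role",
   "metadata": {"name": "example-kong", "namespace": "my-company"},
   "rules": [
     {"apiGroups": ["configuration.konghq.com"],
      "resources": ["konglicenses"], "verbs": ["get", "list", "watch"]}]},
  {"kind": "ClusterRole",
   "metadata": {"name": "example-kong"},
   "rules": [
     {"apiGroups": ["networking.k8s.io"],
      "resources": ["ingressclasses"], "verbs": ["get", "list", "watch"]}]}
]}
""")

# Assumption: the caller supplies the cluster-scoped (group, resource) pairs,
# for example from `kubectl api-resources --namespaced=false`.
CLUSTER_SCOPED = {("configuration.konghq.com", "konglicenses")}

def misplaced_rules(objects, cluster_scoped):
    """List Role rules naming a cluster-scoped resource (no effect there)."""
    found = []
    for obj in objects.get("items", []):
        if obj.get("kind") != "Role":
            continue
        meta = obj["metadata"]
        for rule in obj.get("rules") or []:
            for group in rule.get("apiGroups", []):
                for res in rule.get("resources", []):
                    base = res.split("/")[0]  # ignore any subresource suffix
                    if (group, base) in cluster_scoped:
                        found.append((meta["namespace"], meta["name"], group, base))
    return found

def in_cluster_role(objects, group, resource, verb):
    """True if a ClusterRole rule covers the verb; bindings are not checked."""
    def covers(values, wanted):
        return "*" in values or wanted in values
    return any(
        covers(r.get("apiGroups", []), group)
        and covers(r.get("resources", []), resource)
        and covers(r.get("verbs", []), verb)
        for o in objects.get("items", []) if o.get("kind") == "ClusterRole"
        for r in o.get("rules") or [])
```

A non-empty result from `misplaced_rules` together with `in_cluster_role(...)` returning `False` for the same resource matches the "forbidden ... at the cluster scope" errors in the log above.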