Admission for pod security context

[dacappo]

Description

A new security setting karydia.gardener.cloud/podSecurityContext is introduced to set the SecurityContext of pods secure-by-default. When nobody is configured for this setting, the user and group id of a pod's containers is set to id 65534 resp. nobody. This is accomplished by mutating the SecurityContext of each pod that does not explicitly define a SecurityContext.

Checklist

Before submitting this PR, please make sure:

• [x] you have added unit tests
• [x] you have added integration tests
• [x] your code builds clean with make
• [x] your code lets succeed unit tests with make test
• [x] your code lets succeed integration tests
• [x] you have documented new or changed features

[dacappo]

Probably should add the new feature to the overview table in "docs/features.md" in the karydia admission section.

I agree with you that the feature is missing there. In fact, it can be seen as a part of the karydia admission feature - which itself isn't really a feature but a means to implement it. Probably we should restructure the entire features doc to give readers a better overview.