Missing lease RBAC permissions

[invidian]

With #157 merged, operator now fails to acquire the lease with the following error: flatcar-linux-update-operator-78dd8d45ff-z5899 update-operator E0531 13:25:23.785354 1 leaderelection.go:334] error initially creating leader election record: leases.coordination.k8s.io is forbidden: User "system:serviceaccount:flatcar-linux-update-operator:flatcar-linux-update-operator-sa" cannot create resource "leases" in API group "coordination.k8s.io" in the namespace "flatcar-linux-update-operator"

I think we need to add following RBAC rules:

diff --git a/examples/deploy/rbac/cluster-role.yaml b/examples/deploy/rbac/cluster-role.yaml
index 16e0ba6f..662302a4 100644
--- a/examples/deploy/rbac/cluster-role.yaml
+++ b/examples/deploy/rbac/cluster-role.yaml
@@ -51,6 +56,21 @@ rules:
       - podsecuritypolicies
     verbs:
       - use
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - flatcar-linux-update-operator-lock
+    verbs:
+      - get
+      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

We could actually make ConfigMap rules tighter in similar way while we're at it (#146):

diff --git a/examples/deploy/rbac/cluster-role.yaml b/examples/deploy/rbac/cluster-role.yaml
index 16e0ba6f..662302a4 100644
--- a/examples/deploy/rbac/cluster-role.yaml
+++ b/examples/deploy/rbac/cluster-role.yaml
@@ -18,10 +18,15 @@ rules:
       - configmaps
     verbs:
       - create
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    resourceNames:
+      - flatcar-linux-update-operator-lock
+    verbs:
       - get
       - update
-      - list
-      - watch
   - apiGroups:
       - ""
     resources:

Also while working on #36, we should make sure such cases can be captured.

CC @ateleshev