bug: Missing list & watch role permissions when watching single namespace

[alexandrevilain]

Describe the issue

This is the same issue than: https://github.com/fluent/fluent-operator/issues/646 but for roles.

When deploying the chart with a single namespace watched using the --watch-namespaces flag, the operator complains about missing rights:

E0725 09:28:43.406703       1 reflector.go:140] pkg/mod/k8s.io/client-go@v0.26.3/tools/cache/reflector.go:169: Failed to watch *v1.Role: failed to list *v1.Role: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:logging:fluent-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "logging"
W0725 09:28:48.261017       1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.26.3/tools/cache/reflector.go:169: failed to list *v1.Role: roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:logging:fluent-operator" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "logging" 

To Reproduce

helm install fluent-operator --create-namespace -n fluent charts/fluent-operator/  \
    --set containerRuntime=containerd \
    --set Kubernetes=true \
    --set fluentbit.enable=true \
    --set fluentd.enable=false \
    --set operator.disableComponentControllers=fluentd \
    --set operator.extraArgs={--watch-namespaces=fluent}

Expected behavior

The helm chart should have the following rbac rules:

  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - rolebindings
    verbs:
      - create
      - list
      - get
      - watch
      - patch
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
    verbs:
      - create
      - list
      - get
      - watch
      - patch

Your Environment

- Fluent Operator version: 3.0.0
- Container Runtime:
- Operating system:
- Kernel version:

How did you install fluent operator?

See how to reproduce.

Additional context

No response