gardener / dashboard

Web-based GUI for Gardener installations.
Apache License 2.0

Get rid of `get` `secrets` permission of dashboard client #1338

Open petersutter opened 1 year ago

petersutter commented 1 year ago

What would you like to be added: The get secrets permission of the dashboard client (which is "almost" as powerful as having the cluster-admin permission) is required for:

https://github.com/gardener/dashboard/blob/79703af3a66ffbbd693d7aa941bf65ac7e3804a7/charts/gardener-dashboard/charts/application/templates/clusterrole.yaml#L63-L69

To get rid of the get secret permission we need to solve

Why is this needed:

vlerenc commented 1 year ago

Out of curiosity: Isn't the title somewhat misleading? The dashboard will always require permissions to read and write (cloud provider) secrets, but in that case (different than viewers), it's done with the end user token or what's the (current) state?

petersutter commented 1 year ago

Yes, correct. We always use the user's token to read / write cloud provider secrets, but to read the monitoring secret we take the dashboard user (https://github.com/gardener/dashboard/blob/master/backend/lib/services/shoots.js#L317-L324). I have updated the title accordingly so that it is clear that I'm talking about the dashboard client.
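The rule under discussion grants the dashboard client `get` on every Secret in the cluster. As an added example (not the dashboard's own code or chart), the following Python audit flags RBAC rules that read Secrets without a `resourceNames` restriction and shows the same role scoped to a named secret; the role contents and the secret name are assumptions, not values from the chart.

```python
# Flag RBAC rules that allow reading Secrets cluster-wide (added example,
# not part of the gardener/dashboard project).

SECRET_READ_VERBS = {"get", "list", "watch", "*"}

def broad_secret_rules(role):
    """Return indexes of rules in `role` that read Secrets without a
    resourceNames restriction. A rule counts as broad when it covers the
    core API group (or '*'), the 'secrets' resource (or '*'), and any
    read verb. resourceNames only narrows 'get'; list/watch/* still
    expose every Secret, so those remain flagged."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if not groups & {"", "*"} or not resources & {"secrets", "*"}:
            continue
        read_verbs = verbs & SECRET_READ_VERBS
        if not read_verbs:
            continue
        if rule.get("resourceNames") and read_verbs <= {"get"}:
            continue  # scoped to named secrets: acceptable
        findings.append(i)
    return findings

# Constructed sample shaped like the issue's ClusterRole (rule contents
# are an assumption, not copied from the chart).
BROAD_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "gardener-dashboard"},
    "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
        {"apiGroups": ["core.gardener.cloud"], "resources": ["projects"],
         "verbs": ["get", "list", "watch"]},
    ],
}

# Same role with Secret access limited to a named secret; the name is a
# placeholder, the real monitoring secret name is not on the page.
SCOPED_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "gardener-dashboard"},
    "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"],
         "resourceNames": ["<monitoring-secret-name>"]},
        BROAD_ROLE["rules"][1],
    ],
}
```

`broad_secret_rules(BROAD_ROLE)` returns `[0]` and `broad_secret_rules(SCOPED_ROLE)` returns `[]`; a rule that keeps `list` or `watch` stays flagged even with `resourceNames`, since those verbs are not narrowed by name.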