k8up-io / k8up

Kubernetes and OpenShift Backup Operator
https://k8up.io/
Apache License 2.0

Improve RBAC for the operator #852

Closed Kidswiss closed 1 year ago

Kidswiss commented 1 year ago

Summary

Previously the operator had the pod/exe permissions with the verb create, which is necessary for K8up to create and bind the namespaced roles where the actual backups happen.

To harden the RBAC a bit, we're now deploying a clusterRole which contains the necessary RBAC rules. Also, K8up is now allowed to bind exactly this clusterRole.

While this doesn't mitigate all potential exploits in case the K8up operator pod is accessed by a malicious party, it makes it harder for the malicious party to abuse K8up's permissions.

Checklist

For Code changes
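The pattern described in the summary above, sketched as manifests. This is an added example, not the chart or code from this PR: the object names (`k8up-executor`, `k8up-operator`, `pod-executor`, `app-namespace`) are hypothetical, and the single `pods/exec` rule is taken from the summary because the project's actual rule list is not shown on this page.

```yaml
# 1. ClusterRole carrying the rules the backup workload needs.
#    It ships with the operator, but the operator's own role does not contain these rules.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: k8up-executor            # hypothetical name
rules:
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
# 2. Operator role: may manage RoleBindings, and may reference exactly one ClusterRole in them.
#    Without the "bind" verb, Kubernetes only lets a subject create a binding to a role
#    whose permissions the subject already holds itself, which is why the operator
#    previously needed pods/exec create directly.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: k8up-operator            # hypothetical name
rules:
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["rolebindings"]
    verbs: ["get", "list", "create", "update", "delete"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["clusterroles"]
    verbs: ["bind"]
    resourceNames: ["k8up-executor"]   # bind is limited to this one role
---
# 3. What the operator then creates per backup namespace.
#    A RoleBinding to a ClusterRole grants the rules only inside its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-executor             # hypothetical name
  namespace: app-namespace       # hypothetical namespace
subjects:
  - kind: ServiceAccount
    name: pod-executor
    namespace: app-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: k8up-executor
```

To check the result on a cluster, `kubectl auth can-i create pods/exec --as=system:serviceaccount:<operator-namespace>:<operator-serviceaccount>` should answer `no` for the operator once the direct rule is gone, while `kubectl auth can-i bind clusterroles/k8up-executor` with the same `--as` value should answer `yes`.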

Kidswiss commented 1 year ago

Even though we should not change anything in the /chart folder, for this to work with the e2e I have to change the chart here as well. Let's hope the CI/CD process doesn't break too hard due to this...