kcp-dev / helm-charts

Helm chart repo for KCP
Apache License 2.0

Add securityContexts to confine kcp pods and set fsGroup correctly #41

Closed embik closed 1 year ago

embik commented 1 year ago

This PR adds what I mentioned over in the previous PR (https://github.com/kcp-dev/helm-charts/pull/38#discussion_r1253102023) to the kcp pod templates. I took the liberty to also enable seccomp profiles by default, a small security improvement that is usually recommended. I don't think kcp does any crazy syscalls that we would need to allow outside of seccomp.

The fsGroup is chosen based on the kcp Dockerfile setting the image up to use this user and group ID by default. For some environments, this is a necessary setting so the mounted PVC gets reconfigured correctly.
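The shape of the change described above, written out as an added illustration (this is not the chart's own template and not code from the PR). The UID/GID value 65532 is an assumed placeholder: it must be replaced by whatever `USER` the kcp Dockerfile actually sets, which this page does not state.

```yaml
# Added example of a hardened pod template for a Deployment/StatefulSet.
# Assumptions: the kcp image runs as a non-root UID/GID (65532 is a
# placeholder, use the value from the kcp Dockerfile) and the cluster
# runtime supports seccompProfile (Kubernetes 1.19+).
spec:
  template:
    spec:
      securityContext:
        # Refuse to start if the image would run as UID 0.
        runAsNonRoot: true
        runAsUser: 65532
        runAsGroup: 65532
        # fsGroup makes kubelet chown mounted volumes (the kcp data PVC)
        # to this GID and add it as a supplementary group, so the non-root
        # process can write to the volume on storage backends that do not
        # honour the image's ownership by default.
        fsGroup: 65532
        # Only chown the volume when its root is not already owned by
        # fsGroup; avoids a full recursive chown on large PVCs at each start.
        fsGroupChangePolicy: OnRootMismatch
        # Apply the container runtime's default seccomp filter to every
        # container in the pod instead of running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kcp
          image: ghcr.io/kcp-dev/kcp:placeholder   # assumed image reference
          securityContext:
            # Block setuid/file-capability privilege gains (no_new_privs).
            allowPrivilegeEscalation: false
            # Start from an empty capability set; kcp binds an unprivileged port.
            capabilities:
              drop:
                - ALL
            # Optional further hardening; only enable after confirming kcp
            # writes nothing outside its mounted volumes.
            # readOnlyRootFilesystem: true
          volumeMounts:
            - name: kcp-data
              mountPath: /data
      volumes:
        - name: kcp-data
          persistentVolumeClaim:
            claimName: kcp   # assumed claim name
```

A quick way to check a rendered chart against this baseline is to apply it with a server-side dry run into a namespace labelled `pod-security.kubernetes.io/enforce: restricted`; Pod Security Admission rejects pods that lack `runAsNonRoot`, a `RuntimeDefault`/`Localhost` seccomp profile, `allowPrivilegeEscalation: false` or `drop: ["ALL"]`, so a clean dry run confirms the securityContexts landed on every container. The `fsGroup` value itself is not checked by admission; verify it by exec-ing into the pod and confirming the volume mount is group-owned by that GID.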

embik commented 1 year ago

/cc @mjudeikis

kcp-ci-bot commented 1 year ago

LGTM label has been added.

Git tree hash: 908a0ca813cd9feafa5e3f1ff68251b60b819119

mjudeikis commented 1 year ago

/approve /lgtm

kcp-ci-bot commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mjudeikis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kcp-dev/helm-charts/blob/main/OWNERS)~~ [mjudeikis]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.