kiwigrid / helm-charts

Helm charts for Kubernetes curated by Kiwigrid
https://kiwigrid.github.io
MIT License
184 stars 210 forks

[secret-replicator] Add optional secretNamespace and securityContexts #417

Closed funkypenguin closed 3 years ago

funkypenguin commented 3 years ago

What this PR does / why we need it:

Adds optional support to the secret-replicator chart for:

  1. Passing the SECRET_NAMESPACE env var
  2. Setting the pod securityContext
  3. Setting the container securityContext

Why do we need this?

Firstly, in our deployment, we want to isolate secret-replicator from the secrets which it generates.

Secondly, setting securityContexts allows "locking-down" the pod in the sense of disabling privileged mode and enforcing readOnlyRootFilesystem (only at the container level).

All the changes I've proposed are opt-in, and I've updated the README accordingly.

Special notes for your reviewer:

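An added example, not code from this PR or from the secret-replicator chart: a small policy check a reviewer could run over the Deployment that `helm template` produces once the three opt-in settings are enabled. The manifest in the block is constructed by hand to mirror such a rendering; its namespaces, the placeholder image, the concrete securityContext values and the reading of `SECRET_NAMESPACE` as "the namespace the replicator writes secrets into" are assumptions, not the chart's own values. The check confirms the two isolation goals stated above (the replicator runs in a different namespace from the secrets it produces, and the container is unprivileged with a read-only root filesystem) and also flags `readOnlyRootFilesystem` placed at pod level, where it is not a valid field and is never enforced.

```python
"""Policy check for a secret-replicator Deployment as the chart might render it.

Added example, not chart code. RENDERED_DEPLOYMENT is constructed by hand to
mirror a Deployment rendered with the three opt-in settings from the PR; its
namespaces, image name, securityContext values and the meaning given to
SECRET_NAMESPACE (target namespace for replicated secrets) are assumptions.
"""
import copy

# Constructed sample: the pod runs in "secret-replicator" and writes secrets
# into "replicated-secrets", with both securityContext levels populated.
RENDERED_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "secret-replicator", "namespace": "secret-replicator"},
    "spec": {"template": {"spec": {
        # Pod-level securityContext: identity and seccomp apply to every container.
        "securityContext": {
            "runAsNonRoot": True,
            "runAsUser": 65534,
            "fsGroup": 65534,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "secret-replicator",
            "image": "example.invalid/secret-replicator:assumed",  # placeholder, not a real image
            "env": [{"name": "SECRET_NAMESPACE", "value": "replicated-secrets"}],
            # Container-level securityContext: fields Kubernetes only honours here.
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    }}},
}

# Weakened copy (also constructed): readOnlyRootFilesystem misplaced at pod level,
# the container privileged, and the replicator writing into its own namespace.
WEAK_DEPLOYMENT = copy.deepcopy(RENDERED_DEPLOYMENT)
_pod = WEAK_DEPLOYMENT["spec"]["template"]["spec"]
_pod["securityContext"]["readOnlyRootFilesystem"] = True
_pod["containers"][0]["securityContext"]["privileged"] = True
del _pod["containers"][0]["securityContext"]["readOnlyRootFilesystem"]
_pod["containers"][0]["env"][0]["value"] = "secret-replicator"

# Fields PodSecurityContext does not accept; depending on the API server's field
# validation they are rejected or dropped at pod level, never enforced.
CONTAINER_ONLY_FIELDS = {"privileged", "allowPrivilegeEscalation",
                         "readOnlyRootFilesystem", "capabilities"}


def _pod_spec(deployment):
    return deployment["spec"]["template"]["spec"]


def check_security_contexts(deployment):
    """Return findings against the lockdown policy; an empty list is a pass."""
    findings = []
    spec = _pod_spec(deployment)
    pod_sc = spec.get("securityContext") or {}
    if pod_sc.get("runAsNonRoot") is not True:
        findings.append("pod securityContext: runAsNonRoot should be true")
    for field in sorted(CONTAINER_ONLY_FIELDS & set(pod_sc)):
        findings.append(f"pod securityContext: {field} is not a pod-level field; "
                        "set it in each container's securityContext")
    for c in spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        if sc.get("privileged", False):
            findings.append(f"container {name}: privileged must be false")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"container {name}: allowPrivilegeEscalation should be false")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"container {name}: readOnlyRootFilesystem should be true")
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            findings.append(f"container {name}: capabilities.drop should include ALL")
    return findings


def check_secret_namespace_isolation(deployment):
    """Confirm SECRET_NAMESPACE is set and differs from the namespace the pod runs in."""
    findings = []
    own_ns = deployment["metadata"].get("namespace", "default")
    for c in _pod_spec(deployment).get("containers", []):
        # A valueFrom reference counts as set but cannot be compared statically.
        env = {e["name"]: e.get("value", "<valueFrom>") for e in c.get("env", [])}
        target = env.get("SECRET_NAMESPACE")
        if target is None:
            findings.append(f"container {c['name']}: SECRET_NAMESPACE is not set")
        elif target == own_ns:
            findings.append(f"container {c['name']}: SECRET_NAMESPACE equals the pod's "
                            f"own namespace {own_ns!r}; replicator is not isolated")
    return findings


def lint(deployment):
    return check_security_contexts(deployment) + check_secret_namespace_isolation(deployment)


if __name__ == "__main__":
    for label, dep in (("hardened", RENDERED_DEPLOYMENT), ("weak", WEAK_DEPLOYMENT)):
        problems = lint(dep)
        print(f"{label}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

To use it against a real rendering, replace `RENDERED_DEPLOYMENT` with the Deployment document from `helm template` (parsed with a YAML library) and run `lint` on it; the checks only read standard `apps/v1` Deployment fields, so they do not depend on the chart's values keys.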

funkypenguin commented 3 years ago

I messed up the commit signing somehow, so I created a new PR properly this time : https://github.com/kiwigrid/helm-charts/pull/418

Closing this one..