Update and create policy for updating the Confluent Schema Registry image

[jonathansick]

We currently hardcode the Schema Registry image version:

https://github.com/lsst-sqre/strimzi-registry-operator/blob/72a2be9919664ba3cb9adf2afa44c987e0e9bd56/strimziregistryoperator/deployments.py#L167

We should develop a pattern for updating this/maintaining this:

• In new versions of strimzi-registry-operator, update the default image.
• In StrimziSchemaRegistry, add a "registryImage" configuration field that allows a user to independently set the image version, replacing the default.

[harksodje]

@jonathansick Thanks.

apiVersion: roundtable.lsst.codes/v1beta1
kind: StrimziSchemaRegistry
metadata:
  name: confluent-schema-registry
spec:
  strimziVersion: v1beta2
  listener: tls
  compatibilityLevel: forward
  registryImage: confluentinc/cp-schema-registry
  registryImageTag: "7.2.1"

This is my present configuration, though, my pod log still pointing to permission issue. kopf._cogs.clients.errors.APIForbiddenError: ('secrets is forbidden: User "system:serviceaccount:kafka:strimzi-registry-operator" cannot list resource "secrets" in API group "" in the namespace "kafka"', {'kind': 'Status', 'apiVersion': 'v1', 'metadata': {}, 'status': 'Failure', 'message': 'secrets is forbidden: User "system:serviceaccount:kafka:strimzi-registry-operator" cannot list resource "secrets" in API group "" in the namespace "kafka"', 'reason': 'Forbidden', 'details': {'kind': 'secrets'}, 'code': 403}) [2022-10-24 12:19:57,461] kopf._cogs.clients.w [DEBUG ] Stopping the watch-stream for customresourcedefinitions.v1.apiextensions.k8s.io cluster-wide.