metal-stack / firewall-controller

A Kubernetes controller running on bare-metal firewalls that creates nftables rules, configures Suricata, and collects network metrics
MIT License

add view aggregate clusterrole #86

Closed majst01 closed 3 years ago

majst01 commented 3 years ago

In order to allow k8s users with *-all-all-view access to our resources like cwnp and firewall, add an aggregate clusterrole with a proper label to enable this permission inheritance. Also add shortnames for ClusterwideNetworkPolicy (cwnp) and Firewall (fw).

TODO:

Once https://github.com/metal-stack/gardener-extension-provider-metal/pull/181 is merged, this should be merged as well

Gerrit91 commented 3 years ago

I also think that GEPM would be a better fit. Then you can also deploy it only if the group-rolebinding controller ("authEnabled") gets deployed. I guess it is somehow related to this component?

droid42 commented 3 years ago

> I also think that GEPM would be a better fit. Then you can also deploy it only if the group-rolebinding controller ("authEnabled") gets deployed. I guess it is somehow related to this component?

Role-aggregation is IMHO not related (at least not tied) to the rolebinding controller. It enables you to add permissions on resources of your api-groups to the default kubernetes cluster-roles, e.g. "view", "edit" or "admin", which is very useful. One can think of this as deployment specific in a way that you want to enable the default view to also view the resources of your api-group only for specific environments/clusters. In other environments you may want to create a separate role/binding to be more fine grained.
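The following manifests are an added illustration of the two approaches discussed in this thread (the aggregate ClusterRole the PR description proposes, and the separate role/binding droid42 mentions as the finer-grained alternative); they are not code from the PR or from the firewall-controller project. The API group `metal-stack.io`, the plural resource names, the role names and the group `network-operators` are assumptions; only the shortnames cwnp and fw come from the PR.

```yaml
# Added example (not from the PR): an aggregate ClusterRole that grants
# read access to the firewall-controller CRDs to every subject holding the
# built-in "view" ClusterRole. API group and resource plurals are assumed;
# confirm them with: kubectl api-resources --api-group=<group>
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: firewall-controller:aggregate-to-view   # assumed name
  labels:
    # This label is what the built-in "view" ClusterRole selects on.
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
  - apiGroups: ["metal-stack.io"]               # assumed API group
    resources:
      - clusterwidenetworkpolicies               # assumed plural; shortname cwnp
      - firewalls                                # assumed plural; shortname fw
    verbs: ["get", "list", "watch"]              # read-only: no create/update/delete
---
# For reference only: the built-in "view" ClusterRole is shipped by Kubernetes
# and is not something you create. It carries an aggregationRule like this;
# the controller-manager unions the rules of every ClusterRole whose labels
# match the selector into "view", so the rules above appear there automatically.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: view
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-to-view: "true"
rules: []   # filled in by the controller-manager; hand-written rules are overwritten
---
# The alternative from the discussion: where "view" should NOT automatically
# cover these resources, omit the aggregate-to-* label and bind a dedicated
# role to a specific group instead.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: firewall-resources-reader   # assumed name; deliberately no aggregation label
rules:
  - apiGroups: ["metal-stack.io"]
    resources: ["clusterwidenetworkpolicies", "firewalls"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: firewall-resources-reader
subjects:
  - kind: Group
    name: network-operators          # placeholder group name
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: firewall-resources-reader
  apiGroup: rbac.authorization.k8s.io
```

After applying the first manifest, `kubectl auth can-i list cwnp --as=<some-view-user>` should answer yes, and `kubectl get clusterrole view -o yaml` shows the new rules merged in. One point worth checking before shipping the label: the built-in `view` ClusterRole itself carries `aggregate-to-edit`, and `edit` carries `aggregate-to-admin`, so anything aggregated into `view` also reaches `edit` and `admin`. That is exactly the inheritance the PR wants, but it is also why the separate role/binding is the safer choice for clusters where that inheritance is not intended.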