neticdk / k8s-oaas-observability

Observability (logs, metrics, and traces) stack for Kubernetes.
MIT License

Make Prometheus operator conform to restricted pod security standards #140

Open AndersBennedsgaard opened 9 months ago

AndersBennedsgaard commented 9 months ago

It is not possible to configure the Seccomp profile for the Helm hook jobs (such as https://github.com/neticdk/k8s-oaas-observability/blob/main/charts/prometheus-operator/templates/admission-webhooks/job-patch/job-patchWebhook.yaml) so whenever you use the pod-security.kubernetes.io/enforce: restricted namespace label where you install the Prometheus operator, the pre-install hooks never run.
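As an added illustration (not code from the chart or from the issue author): a small checker for the container-level rules the `restricted` Pod Security Standard enforces, run against two constructed pod specs shaped like a webhook patch hook Job. The image name and user id are placeholders, not values from the chart.

```python
# Added example: which restricted-profile rules a hook Job pod spec satisfies.
RESTRICTED_SECCOMP = {"RuntimeDefault", "Localhost"}


def _sc(obj, key):
    """Read one key from an object's securityContext (pod or container)."""
    return (obj.get("securityContext") or {}).get(key)


def restricted_violations(pod_spec):
    """Return human-readable violations of the restricted profile.

    Covers the per-container rules: seccomp profile, runAsNonRoot,
    allowPrivilegeEscalation and dropped capabilities. Pod-level
    seccompProfile and runAsNonRoot act as defaults for containers.
    """
    violations = []
    pod_seccomp = (_sc(pod_spec, "seccompProfile") or {}).get("type")
    pod_nonroot = _sc(pod_spec, "runAsNonRoot")
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        seccomp = (_sc(c, "seccompProfile") or {}).get("type") or pod_seccomp
        if seccomp not in RESTRICTED_SECCOMP:
            violations.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
        nonroot = _sc(c, "runAsNonRoot")
        if nonroot is None:
            nonroot = pod_nonroot
        if nonroot is not True:
            violations.append(f"{name}: runAsNonRoot must be true")
        if _sc(c, "allowPrivilegeEscalation") is not False:
            violations.append(f"{name}: allowPrivilegeEscalation must be false")
        drop = (_sc(c, "capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            violations.append(f"{name}: capabilities.drop must include ALL")
    return violations


# Constructed: a hook Job pod spec that sets everything except a seccomp profile.
HOOK_JOB_NO_SECCOMP = {
    "containers": [{"name": "patch", "image": "example/webhook-certgen:placeholder",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}],
    "securityContext": {"runAsNonRoot": True, "runAsUser": 2000},
}

# Constructed: the same spec with the seccomp profile the restricted level requires.
HOOK_JOB_RESTRICTED = {
    "containers": [{"name": "patch", "image": "example/webhook-certgen:placeholder",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]},
                                        "seccompProfile": {"type": "RuntimeDefault"}}}],
    "securityContext": {"runAsNonRoot": True, "runAsUser": 2000},
}
```

Running `restricted_violations` over a rendered hook manifest before `helm install` shows which field the admission controller would reject in a namespace labelled `pod-security.kubernetes.io/enforce: restricted`.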

langecode commented 3 months ago

The whole webhook installation setup should be rewritten. The chart has been bumped a major version and the webhook setup removed for now - it may be introduced again but it should be based on cert-manager instead. The old version was copy/paste from the kube-prometheus-stack chart but since the prometheus-community project did not want to split out the prometheus-operator installation it was created here.

The webhook configuration should be similar to this: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/webhook.md