readOnlyRootFileSystem compatibility with AppProtect WAF

[brianehlert]

Discussed in https://github.com/nginxinc/kubernetes-ingress/discussions/5156

^{Originally posted by **brianehlert** February 22, 2024} Customers use the readOnlyRootFileSystem capability to align with security policy and customers would like to also use this when NAP WAF is included with NIC. The current implementation of readOnlyRootFileSystem does not support the NAP WAF module and thus the capability needs to be extended to support NAP WAF module behavior and paths necessary.

Notes:

• this can take the v5 work into consideration
• when originally written the focus was v4
• unknown how this impacts v5 considering new enforcer container is introduced

### Tasks
- [ ] https://github.com/nginxinc/kubernetes-ingress/issues/6562

### WAF v5 considerations
- [x] Investigate impact of `readOnlyRootFileSystem=true` now that `waf-enforcer` and `waf-config-mgr` are separated from deployments

[brianehlert]

Given the new support for WAF v5 with NIC 3.6, is this still relative?