
[PMK-6474] : Restrict TLS cipher suites for kube-rbac-proxy container #213

Closed cruizen closed 1 month ago

cruizen commented 1 month ago
        - --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - --tls-min-version=VersionTLS12

After updating the addon-operator configuration to use the updated images, the following output shows the relevant pods running with the new images, followed by a cipher enumeration against port 8443:

root@test-pf9-qbert-bare-os-u20-3309216-470-1:~# kubectl get pod -n luigi-system luigi-controller-manager-6665fbdbdc-rjjh2 -oyaml | grep -i image:
    image: quay.io/brancz/kube-rbac-proxy:v0.18.0
    image: docker.io/platform9/luigi-plugins:v0.5.6
    image: quay.io/brancz/kube-rbac-proxy:v0.18.0
    image: docker.io/platform9/luigi-plugins:v0.5.6

root@test-pf9-qbert-bare-os-u20-3309216-470-1:~# kubectl get pod -n luigi-system  whereabouts-22gm9 -oyaml | grep -i image:
    image: docker.io/platform9/whereabouts:v0.6.3-pmk-3299438
    image: docker.io/platform9/whereabouts:v0.6.3-pmk-3299438

root@test-pf9-qbert-bare-os-u20-3309216-470-1:~# kubectl get pod -n hostplumber hostplumber-controller-manager-2bvwp -oyaml | grep -i image:
    image: quay.io/brancz/kube-rbac-proxy:v0.18.0
    image: docker.io/platform9/hostplumber:v0.5.6
    image: quay.io/brancz/kube-rbac-proxy:v0.18.0
    image: docker.io/platform9/hostplumber:v0.5.6

root@test-pf9-qbert-bare-os-u20-3309216-470-1:~# kubectl get pods -A | grep -i plumber
hostplumber            hostplumber-controller-manager-2bvwp        2/2     Running   0          19h
hostplumber            hostplumber-controller-manager-ftgqd        2/2     Running   0          19h
hostplumber            hostplumber-controller-manager-hch5n        2/2     Running   0          19h
hostplumber            hostplumber-controller-manager-jzw5c        2/2     Running   0          19h

root@test-pf9-qbert-bare-os-u20-3309216-470-1:~# kubectl get pods -A | grep -i luigi
luigi-system           cert-manager-9dfd8cdc6-pflwh                1/1     Running   0          20h
luigi-system           cert-manager-cainjector-cc668794-mz6fd      1/1     Running   0          20h
luigi-system           cert-manager-webhook-68447b9c99-pxqn4       1/1     Running   0          20h
luigi-system           luigi-controller-manager-6665fbdbdc-rjjh2   2/2     Running   0          20h
luigi-system           whereabouts-22gm9                           1/1     Running   0          20h
luigi-system           whereabouts-46779                           1/1     Running   0          20h
luigi-system           whereabouts-fbxl6                           1/1     Running   0          20h
luigi-system           whereabouts-pz6x5                           1/1     Running   0          20h
luigi-system           whereabouts-rxqsm                           1/1     Running   0          20h

root@test-pf9-qbert-bare-os-u20-3309216-470-1:~# nmap --script ssl-enum-ciphers -p 8443 localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2024-07-14 16:33 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000098s latency).

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds