Automated cherry pick of #3691: Reduce permission of antrea-agent service account

[xliuxu]

Cherry pick of #3691 on release-1.5.

#3691: Reduce permission of antrea-agent service account

For details on the cherry pick process, see the cherry pick requests page.

[codecov-commenter]

Codecov Report

Merging #3749 (a5b60ab) into release-1.5 (3d88249) will decrease coverage by 0.17%.
The diff coverage is 78.94%.

@@               Coverage Diff               @@
##           release-1.5    #3749      +/-   ##
===============================================
- Coverage        60.85%   60.68%   -0.18%     
===============================================
  Files              332      333       +1     
  Lines            28518    39150   +10632     
===============================================
+ Hits             17356    23757    +6401     
- Misses            9266    13394    +4128     
- Partials          1896     1999     +103     

Flag	Coverage Δ
e2e-tests	52.46% <77.63%> (?)
kind-e2e-tests	50.18% <79.62%> (+0.36%)	⬆️
unit-tests	41.44% <82.35%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/antctl/antctl.go	66.66% <ø> (ø)
pkg/querier/querier.go	55.00% <ø> (-2.15%)	⬇️
...nt/apiserver/handlers/serviceexternalip/handler.go	51.85% <51.85%> (ø)
...g/agent/controller/serviceexternalip/controller.go	80.82% <93.47%> (-0.04%)	⬇️
pkg/agent/apiserver/apiserver.go	66.66% <100.00%> (-2.90%)	⬇️
pkg/agent/cniserver/pod_configuration_linux.go	26.31% <0.00%> (-40.36%)	⬇️
pkg/controller/ipam/antrea_ipam_controller.go	48.71% <0.00%> (-31.57%)	⬇️
pkg/controller/networkpolicy/endpoint_querier.go	61.46% <0.00%> (-29.97%)	⬇️
pkg/controller/egress/controller.go	62.19% <0.00%> (-26.26%)	⬇️
.../registry/networkpolicy/clustergroupmember/rest.go	64.28% <0.00%> (-23.95%)	⬇️
... and 299 more

[tnqn]

/test-all

[tnqn]

/skip-networkpolicy
/skip-conformance
manually verified above tests.