Allow configurable authorization role-mappers

[ryanemerson]

The operator automatically configures the role-mapper AND the credentials used by the controllers based upon the client cert strategy configured in the Infinispan CR. The follow role-mapper configurations are applied:

clientCert: None | Validate -> cluster-role-mapper
clientCert: Authenticate -> common-name-role-mapper

A valid use-case is for a user to adopt the clientCert: validate strategy with a common-name-role-mapper to ensure that the CN of the certificate determines the capabilities of the client(s).

Currently it's not possible for the user to define a custom role-mapper via custom server configuration, as the Operator controllers need to be aware of the desired role-mapper in order to configure their rest client correctly.

We should add an optional field to the Infinispan CR that allows the role-mapper to be explicitly configured, with the previous defaults applied if the field is omitted.

Example Infinispan CR configuration:

spec:
  security:
    authorization:
      roleMapper: common-name-role-mapper