CNS-2801 - Minimize the operator's RBAC access

[ltsonov-cb]

Main PR change
The main change in this MR is to reduce the RBAC of the operator's roles. As it stands, the operator has cluster-wide access to many objects, including secrets and configmaps. This is not strictly required and came to be because that is the default of kubebuilder and the operator-sdk.

To implement this in a good way, we decided to tie the operator + agent together and always deploy in the same namespace. The namespace cannot be changed when using the setup wizard. It can be changed by a cluster admin when deploying via Helm, but not via the operator itself.

This was made because the operator could previously move the agent around based on the CRD's Namespace value. But to scope the RBAC in that case, we require ClusterRoles or elevate permission so the operator can "assume" the required permissions in any namespace. This was deemed as too high risk for no real value, as we don't see customers changing the agent's namespace post-deployment without good reason (or needing the operator to be in a separate namespace).

The current operator RBAC is split in two roles - ClusterRole for cluster-wide resources (nodes, webhooks, priorityclasses, etc.) and a Role for anything that has a namespace.
In addition, for cluster resources we try to restrict the operations by resource name as well. For create, list, watch verbs this is not possible so we have two sets of permissions - one for those verbs and one for the remaining ones. See k8s docs for additional info.

Note that this introduces three functional (but not API) breaking changes - the deprecated CRD Namespace value, the same-namespace enforcement and the restructured Helm charts. So it is planned to be bundled in the next major operator release.

Summarized changes

1. Operator's namespace is mounted on the pod as env var and used to deploy all other agent resources in the same namespace. If one isn't found, a fallback is used (cbcontainers-dataplane)
2. CRD Namespace field remains but is not used in any way anymore (previously the operator would use it to deploy agent components)
3. The dataplane accounts+roles have been moved under the operator chart. This way all namespace items (except the agent secret) are controlled in 1 place and the flow is the same as-if one was using the setup-wizard APIs.
4. The Helm Readme's have been updated. I also removed the references to Helm repositories as we don't currently plan to have a public helm repository for the chart, we will only support installing from source.
5. Synced the helm's operator chart - it was missing some items from the last 3-4 months.
6. Split the operator's role into ClusterRole+Role
7. Removed the imagePullSecret from the dataplane accounts, it's not needed for them (they pull from cbartifactory)
8. [Minor] Changed the operator's logger to display dates instead of milliseconds-since-epoch since the latter was useless to human readers (and our logs are currently design for them).
9. [Minor] moved the dataplane roles in a subfolder under rbac to make it clearer. I think some more restructuring there would be nice in a separate PR.

Tests:

• Manual test suite when applying via helm and createNamespace=false,operatorNamespace=X
• Manual test suite when applying via helm and createNamespace=true
• Manual test suite when applying via create_operator_spec

[asankov-cb]

This PR will also resolve #117

[BenRub]

Doesn't really matter
Is this line necessary? (and in other files)
The function NamespacedName takes care on this.
Just so we won't have confusion in the future.

I also wrote a comment next to the c.SetNamespace() in state applier about passing the namespace as a parameter to DesiredK8sObjectes New functions

[ltsonov-cb]

Done - both the constructor and removing these lines.