📖 [Docs] Document the granting of API access

[bentito]

Description

When operators or cluster extensions are installed through OLM, they often provide Custom Resource Definitions (CRDs) that expose new API resources. By default, cluster administrators may have full access to manage these resources, but non-admin users often require specific permissions to create, view, or edit these custom resource objects.

This PR adds a document to the Concepts dir to show how this works.

Fixes #1383

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	99d27c4
🔍 Latest deploy log	https://app.netlify.com/sites/olmv1/deploys/672cd4df92a4140008912e69
😎 Deploy Preview	https://deploy-preview-1407--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.26%. Comparing base (1cb254c) to head (99d27c4).
Report is 26 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1407      +/-   ##
==========================================
- Coverage   73.43%   73.26%   -0.18%     
==========================================
  Files          42       42              
  Lines        3200     3063     -137     
==========================================
- Hits         2350     2244     -106     
+ Misses        663      644      -19     
+ Partials      187      175      -12     

Flag	Coverage Δ
e2e	54.91% <ø> (-0.12%)	⬇️
unit	52.56% <ø> (-0.72%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[LalatenduMohanty]

Fixes #1383

[joelanford]

I advocate for telling the story like this:

1. Here's how you find the groups and resources from the name of a ClusterExtension
2. Here's how you build view/edit/admin roles for those groups/resources
3. Here's how to bind those roles to users (or use role aggregation)

Right now, we have (1) at the end of the doc, and I kind of think that's burying the lead.

[bentito]

@joelanford check out the reordered document

[camilamacedo86]

/lgtm cancel

to allow others review it

[michaelryanpeter]

I left a few suggestions. Please feel free to take what is useful.

Please remember to update the mkdocs.yaml so that the content appears in the table of contents.

Lastly, I would format the procedures a little differently, but this is not a blocking issue. After the PR merges, I will open a follow up PR to show you what I have in mind, and maybe we can use that to make a template for future use.

Great work!

[jianzhangbjz]

cc: @kuiwang02 ^^

This review comment has been addressed.