Feature: ImageRoleAuthorization + ClusterImageRoleAuthorization resources

[iwilltry42]

• Introduce ImageRoleAuthorization and ClusterImageRoleAuthorization CRDs in the [admin.acorn.io](http://admin.acorn.io) API-Group
• Introduce a feature flag which enables “deny-by-default” for all permissions (unless allowed by one of the above)

How to Test

1. Install acorn with acorn install --features image-role-authorizations=true
2. Have an Acorn ready that requests some permissions (you have to know them)
3. Run the Acorn
4. Ensure that the Acorn won't start properly and show an permissions denied error in the status output
5. Create an IRA that covers the image and references a role that covers the permissions - if you don't have a role like that, you can create it as well
6. Run the Acorn again
7. Verify that it now starts successfully

Here are some example files:

Acornfile:

containers: web: {
    image: "nginx"
    permissions: {
		// These are permissions that will only be granted for this container in its namespace.
		rules: [
      	  {
            verbs: ["*"],
        	apiGroups: ["foo.bar.com"],
            resources: ["*"]
     	   },
         ]
}

Role + IRA that just allow everything:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: acorn:system:cluster-admin
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs: ["*"]
---
apiVersion: admin.acorn.io/v1
kind: ImageRoleAuthorization
metadata:
  name: image-role-authz-superadmintest
  namespace: acorn
spec:
  imageSelector:
    namePatterns:
      - "**"
  roles:
    scopes:
      - cluster
    roleRefs:
      - name: acorn:system:cluster-admin
        kind: ClusterRole

[iwilltry42]

Spent a few days refining this and deploying to all environments, but now it's ready.

[sangee2004]

Tested with acorn version - v0.9.0-rc1-20-g1fc37ec2+1fc37ec2
This feature is available and the workflow mentioned in the issue works as expected.

Following are the issues found when testing this feature:

#2233
#2234