feat: easier permission management for pipelines

[abangser]

By default Kratix creates a service account for use by pipelines. They are deterministically named (using the name of the Promise) and this allows for users to provide permissions to the pipelines using Kubernetes native options such as RBAC. There are two service accounts created per Promise. One for the promise workflows (both configure and delete) and one for the resource workflows (both configure and delete).

While the promise workflows always run in the kratix-platform-system namespace, the resource workflows run in the namespace where the request comes into. This is not always deterministic and therefore users right now need to manage copying any data (e.g. secrets or configmaps) and any permissions (e.g. rolebindings) over into each namespace a user might make a request from. This isn't a great experience.

We want permission to be something that is more native to the Promise writing experience and therefore can be created on request rather than separately managed. Some designs are being drawn up, if this is interesting please reach out!

Note: this is different from more control over permissions which will be handed in #193.

[kirederik]

We are rethinking the permissions model for the Kratix Pipeline; work will be tracked in these stories:

• feat(breaking): one service account per pipeline #195
• feat: allow promise writer to set the Service Account in a pipeline #196
• feat: allow promise writers to define the permissions for the pipeline service account #197
• feat: allow promise writers to define permissions across namespaces #198

[abangser]

This issue was covered by the work described above