feat: more control over the permissions model for pipelines

[abangser]

By default Kratix creates a service account for use by pipelines. They are deterministically named (using the name of the Promise) and this allows for users to provide permissions to the pipelines using Kubernetes native options such as RBAC. There are two service accounts created per Promise. One for the promise workflows (both configure and delete) and one for the resource workflows (both configure and delete).

While convenient, this can also be limiting. For example, some users want to provide existing service accounts.

Please feel free to share any other use cases you have for flexibility with pipeline permissions to be included in any implementation designs.

[kirederik]

We are rethinking the permissions model for the Kratix Pipeline; work will be tracked in these stories:

• feat(breaking): one service account per pipeline #195
• feat: allow promise writer to set the Service Account in a pipeline #196
• feat: allow promise writers to define the permissions for the pipeline service account #197
• feat: allow promise writers to define permissions across namespaces #198

[abangser]

This issue was covered by the work above. For more detail check out the docs here: https://docs.kratix.io/main/reference/workflows#rbac