
fix: Remove permissions that don't exist #2571

Open

mikebryant wants to merge 1 commit into sysdiglabs:main from mikebryant:m/remove-nonsensical-permissions

Conversation

@mikebryant
Contributor

We're using ArgoCD Service Account Impersonation to deploy. This relies on [Privilege escalation prevention](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping).

Currently I'm getting errors like:

```
clusterroles.rbac.authorization.k8s.io "shield-cluster" is forbidden: user "system:serviceaccount:security-system:argocd-deployer" (groups=["system:serviceaccounts" "system:serviceaccounts:security-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:[""], Resources:["clusterrolebindings"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["clusterroles"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["clusterversions"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["controllerrevisions"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["cronjobs"], Verbs:["get" "list" "watch" "get" "list" "watch"]}
{APIGroups:[""], Resources:["daemonsets"], Verbs:["get" "list" "watch" "get" "list" "watch"]}
{APIGroups:[""], Resources:["deployments"], Verbs:["get" "list" "watch" "get" "list" "watch"]}
{APIGroups:[""], Resources:["horizontalpodautoscalers"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["ingressclasses"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["ingresses"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["jobs"], Verbs:["get" "list" "watch" "get" "list" "watch"]}
{APIGroups:[""], Resources:["networkpolicies"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["pods"], Verbs:["delete"]}
{APIGroups:[""], Resources:["podsecuritypolicies"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["replicasets"], Verbs:["get" "list" "watch" "get" "list" "watch"]}
{APIGroups:[""], Resources:["rolebindings"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["roles"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["secrets"], Verbs:["get" "list" "watch" "get" "list" "watch" "get" "get" "list" "watch"]}
{APIGroups:[""], Resources:["statefulsets"], Verbs:["get" "list" "watch" "get" "list" "watch"]}
{APIGroups:[""], Resources:["storageclasses"], Verbs:["get" "list" "watch"]}
{APIGroups:[""], Resources:["volumeattachments"], Verbs:["get" "list" "watch"]}
...many more
```

This appears to be because the ClusterRoles are misconfigured to reference lots of permissions that do not actually exist.

This PR cleans those up by using the correct API groups to reference them.

In addition it removes some "*" grants, as per least-privilege best practice.

What this PR does / why we need it:

Checklist

  • Title of the PR starts with type and scope, (e.g. feat(agent,node-analyzer,sysdig-deploy):)
  • Chart Version bumped for the respective charts
  • Variables are documented in the README.md (or README.tpl in some charts)
  • Check GithubAction checks (like lint) to avoid merge-check stoppers
  • All test files are added in the tests folder of their respective chart and have a "_test" suffix
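The failure described in this PR is a general one: an RBAC rule that names a resource under the wrong API group (for example `clusterroles` under the core group `""` instead of `rbac.authorization.k8s.io`) grants nothing usable, yet the API server still treats it as a permission the deployer must already hold, so it trips escalation prevention. The following linter is an added example, not code from the sysdiglabs charts or from this PR. It takes a ClusterRole's `rules` list as plain Python dicts, reports resources placed in the wrong group and any wildcard grants, and rewrites the rules into their canonical groups with duplicate verbs merged. The resource-to-group table and the `SAMPLE_RULES` input are constructed assumptions that mirror the resources named in the error output above (`clusterversions` is assumed to be the OpenShift `config.openshift.io` resource); extend the table from `kubectl api-resources` for a real cluster.

```python
"""Lint Kubernetes RBAC rules for resources declared under the wrong API group.

Added example, not part of the sysdiglabs charts or this PR. The group table
is an assumption about the target cluster's API surface.
"""
from collections import OrderedDict

# Canonical API group per resource name ("" is the core group). Assumed table
# covering the resources listed in the PR's error output; extend it with the
# output of `kubectl api-resources` for the cluster you deploy to.
CANONICAL_GROUP = {
    "pods": "", "secrets": "",
    "clusterroles": "rbac.authorization.k8s.io",
    "clusterrolebindings": "rbac.authorization.k8s.io",
    "roles": "rbac.authorization.k8s.io",
    "rolebindings": "rbac.authorization.k8s.io",
    "deployments": "apps", "daemonsets": "apps", "replicasets": "apps",
    "statefulsets": "apps", "controllerrevisions": "apps",
    "jobs": "batch", "cronjobs": "batch",
    "horizontalpodautoscalers": "autoscaling",
    "ingresses": "networking.k8s.io", "ingressclasses": "networking.k8s.io",
    "networkpolicies": "networking.k8s.io",
    "podsecuritypolicies": "policy",
    "storageclasses": "storage.k8s.io", "volumeattachments": "storage.k8s.io",
    "clusterversions": "config.openshift.io",  # assumed: OpenShift resource
}

# Constructed sample reproducing the shape of the PR's error: rbac/apps
# resources declared under "", one rule duplicated (hence the repeated
# "get" "list" "watch" in the error output), and a wildcard grant.
SAMPLE_RULES = [
    {"apiGroups": [""], "resources": ["clusterroles", "clusterrolebindings"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["deployments", "daemonsets"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["", "apps"], "resources": ["deployments", "daemonsets"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["delete"]},
    {"apiGroups": ["*"], "resources": ["secrets"], "verbs": ["*"]},
]


def lint_rules(rules):
    """Return one finding string per misplaced resource or wildcard grant."""
    findings = []
    for i, rule in enumerate(rules):
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        verbs = rule.get("verbs", [])
        if "*" in groups or "*" in resources or "*" in verbs:
            findings.append(f"rule {i}: wildcard grant {groups}/{resources}/{verbs}")
        for res in resources:
            if res == "*":
                continue
            want = CANONICAL_GROUP.get(res)
            if want is None:
                findings.append(f"rule {i}: unknown resource {res!r}; check kubectl api-resources")
                continue
            for g in groups:
                if g != "*" and g != want:
                    findings.append(f"rule {i}: {res!r} is in group {want!r}, not {g!r}")
    return findings


def normalize_rules(rules):
    """Rewrite rules so each known resource sits in its canonical group, with
    verbs deduplicated and merged per (group, resource). Unknown resources keep
    the group they were declared with, so nothing silently disappears."""
    merged = OrderedDict()  # (group, resource) -> ordered set of verbs
    for rule in rules:
        for res in rule.get("resources", []):
            for g in rule.get("apiGroups", []):
                group = CANONICAL_GROUP.get(res, g) if res != "*" else g
                verbs = merged.setdefault((group, res), OrderedDict())
                for v in rule.get("verbs", []):
                    verbs[v] = None
    return [{"apiGroups": [g], "resources": [r], "verbs": list(v)}
            for (g, r), v in merged.items()]


if __name__ == "__main__":
    for line in lint_rules(SAMPLE_RULES):
        print(line)
    print("normalized rules:")
    for rule in normalize_rules(SAMPLE_RULES):
        print(" ", rule)
```

Run against the sample, the linter reports seven findings (six misplaced resources and one wildcard rule) and collapses the five input rules into six single-resource rules with no repeated verbs. To confirm what an impersonated deployer actually holds before it tries to create a ClusterRole, the standard `kubectl auth can-i --list --as=system:serviceaccount:<namespace>:<name>` shows the effective permissions that escalation prevention will compare against.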

@github-actions
Contributor

github-actions bot commented Apr 2, 2026

Hi @mikebryant. Thanks for your PR.

After inspecting your changes someone with write access to this repo needs
to approve and run the workflow.

@mikebryant mikebryant force-pushed the m/remove-nonsensical-permissions branch from 96ff1e0 to 23872c6 on April 2, 2026 15:47
@mikebryant mikebryant marked this pull request as ready for review April 2, 2026 15:47
@mikebryant mikebryant requested a review from a team as a code owner April 2, 2026 15:47