Introduce static analysis of operator RBAC

[maxgio92]

Describe the feature

The CI pipeline could integrate static security analysis on the (Cluster)Roles that the operator would run with.

What would the new user story look like?

As a maintainer, I would like that contribution would pass a static analysis of RBAC being introduced before being integrated.

This is one of the examples of shifting left the security, statically analyzing (SAST) before the integration of software.

Expected behavior

First step: RBAC

One first approach could be adding a job in the CI Github workflow, that would audit through tools.

Tools: BadRobot.

Badrobot is a Kubernetes Operator audit tool. It statically analyses manifests for high risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated clusterole. The risk analysis is primarily focussed on the likelihood that a compromised Operator would be able to obtain full cluster permissions.

[ptx96]

This will be nice for our quality gate checks!
Anyway, we should check if this overlap with kubescape