feat(sec) add securitycontext restrictions

[rainest]

What this PR does / why we need it:

Updates the container security context defaults with various settings.

Didn't stick the whole thing in the readme since it'd look a bit silly.

Which issue this PR fixes

Part of Kong/kubernetes-ingress-controller#4102

Special notes for your reviewer:

These settings apply the restricted pod security standard. Namespaces with restricted standards enforced will accept chart Pods with these settings in place.

The containerSecurityContext from values.yaml applies to all chart-managed containers equally. We do not support different security contexts for KIC and Kong containers.

The runAsUser setting is set to align with the current proxy image user ID, though I am basing this off partial knowledge of the build process and waiting on gateway team confirmation. The controller currently uses a different UID, but I intend to change that in Kong/kubernetes-ingress-controller#4911.

Basic testing suggested a mismatch between the controller image and runAsUser ID doesn't actually matter, which makes sense--our executable is world-executable and doesn't need to do anything on the filesystem. The Kong image has many more relevant files, though anything it writes all goes in emptydirs.

AFAIK there is no reason we should need any of the restricted capabilities under normal circumstances. As the context settings are part of values.yaml, they can be adjusted if you need to.

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

• PR is based off the current tip of the main branch.
• Changes are documented under the "Unreleased" header in CHANGELOG.md
• New or modified sections of values.yaml are documented in the README.md
• Commits follow the Kong commit message guidelines

[pmalek]

@rainest Did you intend to wait with this for something specific? The HOLD/DO NOT MERGE was still on.

Additionally I believe this deserves a CHANGELOG entry.