Add default seccomp profile for Managed/Core Components #2116

Closed
TheoBrigitte opened this issue Mar 7, 2023 · 3 comments

Comments


TheoBrigitte (Member) commented Mar 7, 2023

From @Strigix

As part of the roadmap issue #259
Managed applications and core components need to have a default seccomp profile set.

Some repositories have already gotten the required changes. For team Atlas, the ones we'd like to ask you to do are:

  • Grafana
  • kube-state-metrics
  • macropower-analytics-panel-server
  • prometheus-meta-operator

Step by step, you'll need to do at least the following:

  1. Set seccompProfile to RuntimeDefault in the container and pod security context
  2. Allow the use of said profiles in the PSP
  3. Allow the use of the proper volumes in the PSP (otherwise pods will have trouble running; see: Add Seccomp default profile to managed apps and core components #259 (comment))

Here's an example for step 1 and 2:
giantswarm/node-operator@d0c8f18

Here's an example for step 3:
giantswarm/dns-operator-route53@e751393

NOTE: These are the volumes allowed by the restricted PSP as an example; your applications might not need them all, or might need others. We've seen most issues with the volumes Secrets, Projected, and ConfigMap.
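The three steps above, combined into one manifest as an added example (this is not code from the linked giantswarm commits, and the names, namespace and image are placeholders): a Deployment that sets the RuntimeDefault seccomp profile at both pod and container level (step 1), and a PodSecurityPolicy that permits that profile (step 2) and lists the volume types the restricted PSP allows (step 3). The RBAC binding that grants the application's service account `use` on the PSP is assumed to exist and is omitted.

```yaml
# Added example, not from the giantswarm repositories. Placeholder names throughout.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app            # placeholder
  namespace: monitoring        # placeholder
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      # Step 1 (pod level): applies to every container unless a container overrides it.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
        runAsNonRoot: true
      containers:
        - name: app
          image: example.invalid/example-app:1.0.0   # placeholder image
          # Step 1 (container level): set explicitly too, since admission policies
          # (PSP, later Kyverno) may check either level.
          securityContext:
            seccompProfile:
              type: RuntimeDefault
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: config
              mountPath: /etc/example-app
      # A ConfigMap volume: one of the types the PSP below must allow (step 3).
      volumes:
        - name: config
          configMap:
            name: example-app-config
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example-app-psp        # placeholder
  annotations:
    # Step 2: permit the runtime default profile and make it the default
    # for pods that do not set one themselves.
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  # Step 3: volume types the restricted PSP allows. Trim this list to what the
  # application actually mounts; configMap, secret and projected are the ones
  # most often missing when a pod fails to start.
  volumes:
    - configMap
    - emptyDir
    - projected
    - secret
    - downwardAPI
    - persistentVolumeClaim
```

Setting the profile at both levels is deliberate: the pod-level value covers sidecars or init containers added later, while the container-level value keeps the workload compliant even if a tool templates a pod spec that drops the pod-level block.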

TheoBrigitte (Member, Author) commented

How important is this @Strigix ?


Strigix commented Mar 9, 2023

It gets more important the closer we are to deprecating PSP.
After we set Kyverno on 'enforce' and move away from PSP, these components will not be able to run in clusters without having at least a DefaultRuntime seccomp profile set.

QuentinBisson commented

@TheoBrigitte I think we're done as we have no policy violations on 19.1.0 release anymore

TheoBrigitte changed the title from "Managed/Core Components need default seccomp profile set." to "Add default seccomp profile for Managed/Core Components" on Nov 10, 2023