Implement common securityContext PSP mutations using Gatekeeper

[OlleLarsson]

Is your feature request related to a problem? Please describe.
Part of Kubernetes PSP replacement.

We want to replicate the restricted PSP securityContext mutations using Gatekeeper.
This is convenient for them as it involves less for them when migrating from PSP to PSA + Gatekeeper.

Below is a description of the fields that the restricted PSP might mutate (information taken from here):

1. spec.fsGroup might assign spec.securityContext.fsGroup: 1
2. spec.supplementalGroups might assign spec.securityContext.supplementalGroups: 1
3. spec.runAsGroup might assign spec.[init]containers[*].securityContext.runAsGroup: 1
4. spec.allowPrivilegeEscalation might assign spec.[init]containers[*].securityContext.allowPrivilegeEscalation: false
5. spec.runAsUser might assign spec.[init]containers[*].securityContext.runAsNonRoot: true (we don't have mustRunAs specified so it won't assign spec...runAsUser)
6. spec.requiredDropCapabilities might assign spec.[init]containers[*].securityContext.capabilities.drop: ["ALL"]
7. metadata.annotations['apparmor.security.beta.kubernetes.io/defaultProfileName'] might assign metadata.annotations['apparmor.security.beta.kubernetes.io/<container name>']: $defaultProfileName
8. metadata.annotations['seccomp.security.alpha.kubernetes.io/defaultProfileName'] might assign spec.[init]containers[*].securityContext.seccompProfile: runtime/default

Describe the solution you'd like

• Implement the above mutations using gatekeeper.

Definition of done:
The mutations that can be done by the restricted PSP, is now instead done with Gatekeeper.

[crssnd]

go over group constraints (e.g gid=0)