Beat CRD presets

[david-kow]

This PR implements presets proposal (#3190).

Preset field

Preset is an optional, enum field that allows the operator to setup a Beat with predefined configuration. That configuration consists of:

• Beat config
• deployment or daemonset spec with podTemplate
• appropriate roles and rolebindings

Preset can be used together with other CRD fields:

• if config is specified, it replaces config from preset entirely (output is still set though)
• if podTemplate is specified, the preset podTemplate is merged with it
• if operator has manage-beat-rbac flag set to false or spec.ServiceAccountName is set, the operator won't create service account or bindings

Role management

Each preset might need different API permissions. As we know these upfront, we can precreate correct ClusterRoles during ECK installation and allow ECK to create bindings to these roles only (verb bind) which doesn't require us to expand operator permissions dramatically.

In addition to that, autodiscover permissions might be needed for a Beat. We detect this by looking for *.autodiscover config path.

Role management can be disabled:

• on an operator level by setting manage-beat-rbac flag to false, and
• on resource level by setting ServiceAccountName in the podTemplate

PSP

Beat e2e testing is improved by separating the permissions given to the operator and permissions given to Beat Pods.

Beat PSP and ClusterRole allowing to use it are created as a part of e2e test setup. RoleBinding to the right ServiceAccount is done during e2e test run.

[david-kow]

We've decided to go with no defaults approach (#3214).