[Task] Configure Cryostat for All Namespaces discovery mode

[andrewazores]

No description provided.

[andrewazores]

This goes back to:

• feat(csv): enable AllNamespaces install mode #514
• feat(api): add multi-namespace ClusterCryostat API #520
• feat(discovery): enable OpenShift cross-namespace discovery cryostat-legacy#1290
• feat(security): add SecurityContext to recordings cryostat-legacy#1188

Creating an "All Namespaces" instance (ie the old ClusterCryostat) means that that particular Cryostat instance has visibility into all namespaces of the cluster, and can potentially connect to and gather data from all (Java) applications in the cluster. Any user who has access to that Cryostat instance can therefore pull out data from any application, including ones in namespaces where the user does not actually have access. This is a big footgun, and any admin user who creates such a Cryostat instance is essentially offering a privilege escalation to other users.

For the Helm chart, where installations are more likely to be one-off/short-lived for ad hoc troubleshooting, this may be an acceptable and useful feature despite the security implications. For the Operator, where installations are intended to be more long-lived and hardened deployments, we should not move forward with this until we have a multitenancy story (cryostatio/cryostat-legacy#1188, cryostatio/cryostat#630, cryostatio/cryostat-legacy#1409) and can enforce authorization and access controls to ensure that users accessing Cryostat do not gain access to data from other namespaces where they are lacking authorization.