This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

Principle of least privilege should be applied in operator (Cluster)Roles #106

Closed
Cynocracy opened this issue Feb 13, 2020 · 1 comment · Fixed by #109
@Cynocracy (Contributor)

Describe the bug
Today the operator is by default granted all permissions on all resources cluster-wide by a blanket ClusterRole.

Expected behavior
Only specifically those permissions which are necessary in order to create a functional Knative Serving setup should be added, using escalate and/or bind to create roles or rolebindings that the operator itself does not need explicitly, but which are needed transitively by Knative Serving.

To Reproduce

  1. Install Knative Eventing Operator.
  2. kubectl describe clusterrole knative-eventing-operator
Name:         knative-eventing-operator
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"knative-eventing-operator"},"rules":...
PolicyRule:
  Resources  Non-Resource URLs  Resource Names  Verbs
  ---------  -----------------  --------------  -----
  *.*        []                 []              [*]

Sibling bug of knative/serving-operator#282

Going to use this to attempt to solve both in a way that generalizes well.
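As an added illustration of the two ClusterRole shapes discussed in this issue (not code from the Knative operators or from the issue author): the blanket `*.* [*]` grant beside a scoped role that enumerates its own resources and uses the RBAC `escalate` and `bind` verbs so it can create (Cluster)Roles and bindings for the components it installs without holding those components' permissions directly. Both manifests are constructed (in the dict form of the JSON that `kubectl apply` accepts), and the resource list in the scoped role is illustrative, not a verified inventory of what Knative needs. The `can()` check is a simplified model of the RBAC rule match (wildcards in apiGroups, resources or verbs match anything; `resourceNames` and non-resource URLs are ignored).

```python
"""Compare a blanket ClusterRole with a scoped one and audit both for wildcards.

Constructed example; the manifests are not the Knative operator's real roles.
"""
from typing import Dict, List

WILDCARD = "*"

# Constructed: the blanket grant the issue describes
# (equivalent to the `*.* [*]` row in `kubectl describe clusterrole`).
BLANKET_CLUSTER_ROLE: Dict = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "example-operator-blanket"},
    "rules": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
}

MANAGE = ["get", "list", "watch", "create", "update", "patch", "delete"]

# Constructed least-privilege alternative. The resources listed are an
# illustrative assumption, not a verified inventory of what Knative needs.
SCOPED_CLUSTER_ROLE: Dict = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "example-operator-scoped"},
    "rules": [
        {"apiGroups": [""],
         "resources": ["namespaces", "serviceaccounts", "configmaps", "services"],
         "verbs": MANAGE},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": MANAGE},
        {"apiGroups": ["apiextensions.k8s.io"],
         "resources": ["customresourcedefinitions"], "verbs": MANAGE},
        # RBAC objects the operator creates on behalf of the components it installs.
        {"apiGroups": ["rbac.authorization.k8s.io"],
         "resources": ["roles", "rolebindings", "clusterroles", "clusterrolebindings"],
         "verbs": MANAGE},
        # `escalate` allows creating (Cluster)Roles that grant verbs the operator
        # does not itself hold; `bind` allows binding such roles. Both are
        # standard RBAC verbs on roles/clusterroles.
        {"apiGroups": ["rbac.authorization.k8s.io"],
         "resources": ["roles", "clusterroles"],
         "verbs": ["escalate", "bind"]},
    ],
}


def wildcard_findings(cluster_role: Dict) -> List[str]:
    """Return one finding per rule field that uses the `*` wildcard."""
    findings = []
    for idx, rule in enumerate(cluster_role.get("rules", [])):
        for field in ("apiGroups", "resources", "verbs"):
            if WILDCARD in rule.get(field, []):
                findings.append(f"rule[{idx}].{field} grants '*'")
    return findings


def _matches(rule: Dict, api_group: str, resource: str, verb: str) -> bool:
    """Simplified RBAC rule match: a `*` entry matches anything in that field."""
    def hit(field: str, value: str) -> bool:
        entries = rule.get(field, [])
        return WILDCARD in entries or value in entries
    return hit("apiGroups", api_group) and hit("resources", resource) and hit("verbs", verb)


def can(cluster_role: Dict, api_group: str, resource: str, verb: str) -> bool:
    """True if any rule in the ClusterRole permits the (group, resource, verb) triple."""
    return any(_matches(r, api_group, resource, verb) for r in cluster_role.get("rules", []))


if __name__ == "__main__":
    for role in (BLANKET_CLUSTER_ROLE, SCOPED_CLUSTER_ROLE):
        name = role["metadata"]["name"]
        print(f"{name}: wildcard findings = {wildcard_findings(role) or 'none'}")
        print(f"  can read secrets:            {can(role, '', 'secrets', 'get')}")
        print(f"  can escalate clusterroles:   {can(role, 'rbac.authorization.k8s.io', 'clusterroles', 'escalate')}")
```

The scoped role still carries `escalate` and `bind`, which is what lets the operator hand out permissions it does not hold itself, so reviewers should treat those two rules as the sensitive part of the manifest; pinning them with `resourceNames` to the specific roles the operator manages narrows them further.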

@Cynocracy (Contributor, Author)

/assign Cynocracy
