Wrap the spoc CLI from the operator

This allows us using the container images without overwriting its
entrypoint:

```
> podman run -it security-profiles-operator spoc help
NAME:
   spoc - Security Profiles Operator CLI

USAGE:
   spoc [global options] command [command options] [arguments...]

VERSION:
   0.6.1-dev

COMMANDS:
   version, v  display detailed version information
   record, r   run the recorder
   help, h     Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version
```

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Dockerfile

@@ -34,5 +34,6 @@ COPY --from=make /work/result/security-profiles-operator /
 COPY --from=make /work/result/spoc /
 
 USER 65535:65535
+ENV PATH=/
 
 ENTRYPOINT ["/security-profiles-operator"]

cmd/security-profiles-operator/main.go

@@ -24,6 +24,7 @@ import (
 	"net/http"
 	_ "net/http/pprof" //nolint:gosec // required for profiling
 	"os"
+	"os/exec"
 	"strings"
 	"time"
 
@@ -68,6 +69,7 @@ import (
 )
 
 const (
+	spocCmd            string = "spoc"
 	jsonFlag           string = "json"
 	recordingFlag      string = "with-recording"
 	selinuxFlag        string = "with-selinux"
@@ -196,6 +198,13 @@ func main() {
 				return runBPFRecorder(ctx, info)
 			},
 		},
+		&cli.Command{
+			Name:     spocCmd,
+			Aliases:  []string{"s"},
+			Usage:    "run the CLI",
+			Action:   runCLI,
+			HideHelp: true,
+		},
 	)
 
 	app.Flags = []cli.Flag{
@@ -589,3 +598,21 @@ func setupEnabledControllers(
 
 	return nil
 }
+
+// runCLI wraps the SPO CLI by using $PATH for searching the spoc executable.
+func runCLI(_ *cli.Context) error {
+	const minArgs = 2
+	if len(os.Args) < minArgs {
+		return errors.New("not enough arguments provided")
+	}
+	//nolint:gosec // it's intentional to pass all other args here
+	c := exec.Command(spocCmd, os.Args[minArgs:]...)
+	c.Stdout = os.Stdout
+	c.Stderr = os.Stderr
+
+	if err := c.Run(); err != nil {
+		fmt.Fprintln(os.Stderr, err)
+	}
+
+	return nil
+}