Commit ef58339

(catsrc) introduce spec.runAsRoot field
With the [change](operator-framework/operator-registry#974) in opm being copied to a /tmp folder rather than / (root), a registry pod created in a namespace labeled enforce:restricted for the Pod Security Admission controller is created by the catalog operator with the (appropriate securityContext details) https://github.com/operator-framework/operator-lifecycle-manager/pull/2820/files#diff-fffdeef1fc140a5dc5dc92dda323f567a6e46fc2ecbb0b91ba907acd02bde50dR185-R210 to run it in restricted mode. However, Catalogs built with a version of opm that does not contain the above change still need privileged permission to run in a namespace that has to be labeled as enforce:privileged for the PSA controller. This PR introduces a new field, spec.runAsRoot, so that admins can indicate their intent to allow to run the old CatalogSource in a privileged mode. When the catalog operator sees this field set to true, it will not set the securityContext in the registry pod to `runAsNonRoot:true`. Instead, it will set the securityContext to `runAsNonRoot:false`.
1 parent 5f99430 commit ef58339

3 files changed: +12 -3 lines changed

crds/operators.coreos.com_catalogsources.yaml

Lines changed: 3 additions & 0 deletions
@@ -120,6 +120,9 @@ spec:
120120
type: integer
121121
publisher:
122122
type: string
123+
runAsRoot:
124+
description: RunAsRoot allows admins to indicate that they wish to run the CatalogSource pod in a privileged more as root
125+
type: boolean
123126
secrets:
124127
description: Secrets represent set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry.
125128
type: array
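
Review bot: the `runAsRoot` description added at new line 124 reads "privileged more" where "privileged mode" is meant, and it does not tell an admin what setting the field actually changes. According to the commit message, `runAsRoot: true` makes the catalog operator set `runAsNonRoot:false` on the registry pod's securityContext instead of `runAsNonRoot:true`, and such a pod only runs in a namespace labeled enforce:privileged for the PSA controller. Suggest putting both facts in the description, stating what happens when the field is omitted (the schema declares no default), and noting that the field is intended only for catalogs built with an opm version that lacks the /tmp change, so the weaker posture is visible at the point where it is opted into.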