Fix RBAC manifest per QA review (PRI-554)

- Remove rbac.authorization.k8s.io rule (create/delete on rolebindings
  was privilege escalation; no RBAC self-management needed)
- Remove self-applying kubectl apply step from e2e workflow
  (runner cannot grant its own permissions; RBAC must be pre-applied
  via Flux from infra repo)

Reviewed-by: Hugh Hackman

.github/workflows/e2e.yaml

@@ -51,9 +51,6 @@ jobs:
       - name: Build plugin
         run: npx @kinvolk/headlamp-plugin build
 
-      - name: Apply RBAC for E2E runner
-        run: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml
-
       - name: Deploy E2E Headlamp instance
         run: scripts/deploy-e2e-headlamp.sh
 

deployment/e2e-ci-runner-rbac.yaml

@@ -12,9 +12,6 @@ metadata:
   name: e2e-ci-runner
   namespace: privilegedescalation-dev
 rules:
-  - apiGroups: ["rbac.authorization.k8s.io"]
-    resources: ["rolebindings"]
-    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["configmaps", "serviceaccounts", "events"]
     verbs: ["get", "list", "create", "delete"]