Update security-context with readOnlyRootFilesystem: true to Mount root filesystem as read-only in Shared Resources containers

[anchi205]

Added security-context with readOnlyRootFilesystem: true to node_daemonset.yaml and webhook_deployment.yaml for the shared-resource containers in openshift-builds namespace.

To test the changes,

oc exec -it -n openshift-builds -c node-driver-registrar -- /bin/sh

touch /test_sr-node_readonly.txt -> This will give error -> touch: cannot touch '/test_sr-node_readonly.txt': Read-only file system -> Proves the changes are in place

Similarly for other containers:

oc exec -it -n openshift-builds -c hostpath -- /bin/sh

touch /test_sr-hostpath_readonly.txt -> This will give error -> touch: cannot touch '/test_sr-hostpath_readonly.txt': Read-only file system -> Proves the changes are in place

oc exec -it -n openshift-builds -c shared-resource-csi-driver-webhook -- /bin/sh

touch /test_webhook_readonly.txt -> This will give error -> touch: cannot touch '/test_webhook_readonly.txt': Read-only file system -> Proves the changes are in place

[sayan-biswas]

Need to verify in cluster.

[sayan-biswas]

/retest

[sayan-biswas]

@anchi205 This PR needs to be rebased to include the latest commits.

[sayan-biswas]

@anchi205 The tests are all green now. Were you ale to test "shared-resources" in an openshift cluster?
This doc here gives you the necessary information to use shared-resources.
https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.4/html/work_with_shared_resources/shared-resource-csi-driver#ephemeral-storage-sharing-secrets-across-namespaces_shared-resource-csi-driver

[anchi205]

Yes Sayan, I tested in an openshift cluster.

After the changes, the pods are failing to mount SharedSecret/SharedConfigMap volumes (stuck Pending with FailedMount errors) because I set readOnlyRootFilesystem: true on the Shared Resource CSI driver containers.