improve rabc settings of secrets for yurt-manager component

[rambohe-ch]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:
/kind bug
/kind documentation
/kind enhancement
/kind good-first-issue
/kind feature
/kind question
/kind design
/sig ai
/sig iot
/sig network
/sig storage

/kind enhancement

What this PR does / why we need it:

In order to improve the security setting for yurt-manager component, improve secret resource rbac settings for yurt-manager as following:

1. move secret rbac settings from clusterrole to role
2. secret rbac verbs only left update and get. remove other verbs like create and delete.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

other Note

[openyurt-bot]

@rambohe-ch: GitHub didn't allow me to assign the following users: your_reviewer.

Note that only openyurtio members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:
/kind bug
/kind documentation
/kind enhancement
/kind good-first-issue
/kind feature
/kind question
/kind design
/sig ai
/sig iot
/sig network
/sig storage

/kind enhancement

What this PR does / why we need it:

In order to improve the security setting for yurt-manager component, improve secret resource rbac settings for yurt-manager as following:

1. move secret rbac settings from clusterrole to role
2. secret rbac verbs only left update and get. remove other verbs like create and delete.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

other Note

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov]

Codecov Report

Merging #1742 (5b314d3) into master (0c1c982) will increase coverage by 0.06%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #1742      +/-   ##
==========================================
+ Coverage   50.74%   50.80%   +0.06%     
==========================================
  Files         165      165              
  Lines       19258    19258              
==========================================
+ Hits         9772     9784      +12     
+ Misses       8566     8555      -11     
+ Partials      920      919       -1     

Flag	Coverage Δ
unittests	50.80% <ø> (+0.06%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
...ntroller/yurtappdaemon/yurtappdaemon_controller.go	25.23% <ø> (ø)
...ger/controller/yurtappset/yurtappset_controller.go	47.28% <ø> (ø)
...coordinator/cert/yurtcoordinatorcert_controller.go	11.94% <ø> (ø)

... and 1 file with indirect coverage changes

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
1.1% Duplication

[rambohe-ch]

@YTGhost PTAL

[YTGhost]

/lgtm

[openyurt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rambohe-ch, YTGhost

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [rambohe-ch]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment