✨ wire up ServiceAccount based caching layer

[everettraven]

Description

• Updates the RestConfigMapper to use a new TokenTripper that wraps a http.RoundTripper to always set the Authorization header to the referenced ServiceAccount
• Updates the E2E ServiceAccounts introduced in ✨ Wire up Service Account #1038 to use a scoped set of permissions instead of giving it cluster-admin equivalent permissions (used bind + escalate for RBAC to keep the SA permissions as succinct as possible. Open to changing this if desired)
• Updates the ClusterExtensionReconciler to have an exported field that can be used to configure the contentmanager.Watcher that should be used to establish watches on the ClusterExtension managed objects
• Updates the contentmanager.Instance.Watch() method to create watches with the same configurations as existed in the ClusterExtensionReconciler.reconcile() method previously
• Adds an E2E test to verify that when a change is made to managed objects (in the test case we delete a managed object), that the managed object triggers reconciliation and changes are reverted (in the test case we ensure the managed object is recreated)

resolves #975
resolves #983

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	586046f
🔍 Latest deploy log	https://app.netlify.com/sites/olmv1/deploys/669e71fa5220dd0008608ebf
😎 Deploy Preview	https://deploy-preview-1074--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: Patch coverage is 65.62500% with 11 lines in your changes missing coverage. Please review.

Project coverage is 72.82%. Comparing base (58c5776) to head (586046f).

Files	Patch %	Lines
internal/authentication/tripper.go	61.53%	3 Missing and 2 partials ⚠️
internal/authentication/tokengetter.go	0.00%	4 Missing ⚠️
internal/contentmanager/contentmanager.go	83.33%	1 Missing ⚠️
...nternal/controllers/clusterextension_controller.go	66.66%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1074      +/-   ##
==========================================
- Coverage   72.93%   72.82%   -0.11%     
==========================================
  Files          31       32       +1     
  Lines        1862     1866       +4     
==========================================
+ Hits         1358     1359       +1     
- Misses        366      368       +2     
- Partials      138      139       +1     

Flag	Coverage Δ
e2e	56.80% <65.62%> (+<0.01%)	⬆️
unit	44.31% <9.37%> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[skattoju]

/lgtm

[openshift-ci]

@skattoju: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[tmshort]

Nit: change in whitespace

[tmshort]

Nit: whitespace-only change

[tmshort]

/lgtm
Just small wicked minor nits.