Use readOnlyRootFilesystem: true for all containers

[jemag]

Is your feature request related to a problem? Please describe.
Currently, by default, it is possible to write on the root filesystem

Describe the solution you'd like
Specify readOnlyRootFilesystem: true as a default for all the containers in the manifests of the next release

Describe alternatives you've considered
Patch manually

Additional context
It seems that there is intent for the binaries to not write anywhere, judging from #2884 (comment) and #2883 (comment), although this might not be the case according to #5580.

Either way, whether a volume has to be mounted or not, I think it would be a good default to have in regards to security.

/kind feature

[jetstack-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

[jemag]

/not-stale

[jetstack-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale

[sigv]

/remove-lifecycle rotten

[jsoref]

/good-first-issue

[jetstack-bot]

@jsoref:
This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-good-first-issue command.

Details

In response to this:

/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[Rus1an31]

Can you tell please when this feature will be implemented?