Configure test pod to comply with Pod Security Standard

[bcrochet]

Description of the change:
The test pod is not yet created in accordance with the Pod Security Standard enforced in k8s 1.24. For compliance, the main pod security context needs:

RunAsNonRoot: true
SeccompProfile:
Type: RuntimeDefault

And each container needs:

SecurityContext:
AllowPrivilegeEscalation: false
Capabilities:
Drop:
'ALL'

Fixes #5939

Signed-off-by: Brad P. Crochet brad@redhat.com

Motivation for the change:
Scorecard tests would not run under k8s 1.24 or OpenShift 4.12. This re-enables that functionality.

Checklist

If the pull request includes user-facing changes, extra documentation is required:

• Add a new changelog fragment in changelog/fragments (see changelog/fragments/00-template.yaml)
• Add or update relevant sections of the docs website in website/content/en/docs

[bcrochet]

/retest

[openshift-ci]

@bcrochet: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jmrodri]

@bcrochet So this looks like it enables the security context all the time. I think this needs to be hidden behind a flag. We have another PR that adds a flag. #6187

[jberkhahn]

/ok-to-test

[bcrochet]

@bcrochet So this looks like it enables the security context all the time. I think this needs to be hidden behind a flag. We have another PR that adds a flag. #6187

It does. And it looks like we are mostly doing the same thing. I'll close this and comment/review the other.