jupyter-web-app misses RBAC rule for namespaces resources #79

Open
@orfeas-k

Description

/kind bug

JWA doesn't have an RBAC rule for namespaces resources as other web apps do (e.g. VWA). This will result in an authorization error if JWA is deployed outside of Kubeflow (without the dashboard).

What steps did you take and what happened:
I observed that JWA doesn't have this rule and then I went through the code in order to figure out if it is needed and here is why it is needed:

  1. JWA, when deployed outside of Kubeflow (no CentralDashboard present), implements the lib-namespace-select component in its index page with namespaces URL /api/namespaces.
  2. This component subscribes to the common backend service's getNamespaces() using the above namespaces URL.
  3. This backend service (a service which the frontend uses to contact the backend part of the WA) hits the backend at this API route, which would require authorisation to perform this action.

Thus JWA would not be able to list namespaces resources.
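A way to check a role's rules for the gap described above, as an added example that is not part of the original issue or the Kubeflow code base. The rule sets are constructed for illustration (they are not copied from the JWA or VWA manifests), and the check assumes the backend only needs the `list` verb on core-group `namespaces`.

```python
"""Check whether a set of Kubernetes RBAC PolicyRules permits listing namespaces."""

def _matches(allowed, wanted):
    """RBAC list fields match on an exact entry or the '*' wildcard."""
    return "*" in allowed or wanted in allowed

def rule_allows(rule, verb, resource, api_group=""):
    """True if one PolicyRule grants `verb` on every object of `resource`."""
    if rule.get("nonResourceURLs"):
        return False  # non-resource rules never cover API resources
    if rule.get("resourceNames"):
        return False  # name-restricted rules do not grant an unrestricted list
    return (_matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource)
            and _matches(rule.get("verbs", []), verb))

def can_list_namespaces(rules):
    """Namespaces live in the core API group, written as the empty string."""
    return any(rule_allows(r, "list", "namespaces", "") for r in rules)

# Constructed rule sets (assumptions, not the project's manifests).
RULES_WITHOUT_NAMESPACES = [
    {"apiGroups": ["kubeflow.org"], "resources": ["notebooks"],
     "verbs": ["get", "list", "create", "delete", "patch"]},
    {"apiGroups": [""], "resources": ["persistentvolumeclaims"],
     "verbs": ["get", "list", "create"]},
]
# Same role with a read-only rule for namespaces added.
RULES_WITH_NAMESPACES = RULES_WITHOUT_NAMESPACES + [
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]},
]
# Common mistake: the resource name is right but the API group is not core.
RULES_WRONG_GROUP = [
    {"apiGroups": ["kubeflow.org"], "resources": ["namespaces"], "verbs": ["list"]},
]

if __name__ == "__main__":
    for name, rules in [("without rule", RULES_WITHOUT_NAMESPACES),
                        ("with rule", RULES_WITH_NAMESPACES),
                        ("wrong apiGroup", RULES_WRONG_GROUP)]:
        print(f"{name}: list namespaces allowed = {can_list_namespaces(rules)}")
```
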
