
chore: add container security context to admission webhook jobs#619

Merged
kondracek-nr merged 1 commit into main from kondracek/add-sec-context on May 15, 2025

Conversation

@kondracek-nr
Contributor

@kondracek-nr kondracek-nr commented May 15, 2025

Description

A customer recently reported that allowPrivilegeEscalation=false wasn't working on the admission webhooks in k8s-metadata-injection. This change allows containerSecurityContext to be passed into the admission webhook job templates as it is in the deployment.

Logs look normal & metadata is added to new pods as expected

kn logs newrelic-bundle-nri-metadata-injection-admission-create-mpm6b
W0515 19:12:01.304876       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
{"err":"secrets \"newrelic-bundle-nri-metadata-injection-admission\" not found","level":"info","msg":"no secret found","source":"k8s/k8s.go:229","time":"2025-05-15T19:12:01Z"}
{"level":"info","msg":"creating new secret","source":"cmd/create.go:28","time":"2025-05-15T19:12:01Z"}

kn logs newrelic-bundle-nri-metadata-injection-admission-patch-z9jh6
W0515 19:12:05.749301       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
{"level":"info","msg":"patching webhook configurations 'newrelic-bundle-nri-metadata-injection' mutating=true, validating=false, failurePolicy=","source":"k8s/k8s.go:118","time":"2025-05-15T19:12:05Z"}
{"level":"info","msg":"Patched hook(s)","source":"k8s/k8s.go:138","time":"2025-05-15T19:12:05Z"}

Type of change

  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • New feature / enhancement (non-breaking change which adds functionality)
  • Security fix
  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • Add changelog entry following the contributing guide
  • Documentation has been updated
  • This change requires changes in testing:
    • unit tests
    • E2E tests

@kondracek-nr kondracek-nr requested a review from a team as a code owner May 15, 2025 19:19
@codecov

codecov bot commented May 15, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 51.61%. Comparing base (2cf06dd) to head (1ce1b73).
Report is 1 commit behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #619   +/-   ##
=======================================
  Coverage   51.61%   51.61%           
=======================================
  Files           3        3           
  Lines         279      279           
=======================================
  Hits          144      144           
  Misses        127      127           
  Partials        8        8           


@kondracek-nr kondracek-nr force-pushed the kondracek/add-sec-context branch from 89ba7b2 to 1ce1b73 Compare May 15, 2025 19:23
@dbudziwojskiNR
Contributor

Should we also add podSecurityContext since we're here already?

@kondracek-nr
Contributor Author

@dbudziwojskiNR podSecurityContext is already hardcoded on these jobs:

      securityContext:
        runAsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000

@dbudziwojskiNR
Contributor

> @dbudziwojskiNR podSecurityContext is already hardcoded on these jobs:
>
>       securityContext:
>         runAsGroup: 2000
>         runAsNonRoot: true
>         runAsUser: 2000

Whoops, missed that somehow. We could move that into the values file potentially but I think that out of scope for this PR. LGTM
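An added check illustrating the point behind both the PR description and the exchange above (example code written for this page, not from the k8s-metadata-injection project or its chart). The Kubernetes API only accepts allowPrivilegeEscalation in a container's securityContext; the pod-level securityContext (runAsNonRoot, runAsUser, runAsGroup) cannot carry it, and the field defaults to true. So a chart that renders containerSecurityContext into its Deployment but not into its Job templates leaves the admission Job containers with escalation allowed even when values.yaml asks for false, which is the class of gap the customer report describes. The script walks rendered workloads and reports every container that does not explicitly set allowPrivilegeEscalation: false. The manifests are constructed stand-ins shaped like `helm template` output; workload names, container names and images are illustrative, not the chart's real rendered output.

```python
"""Audit rendered Kubernetes workloads for containers that do not explicitly
disable privilege escalation.

Kubernetes only accepts allowPrivilegeEscalation in the *container*
securityContext; the pod-level securityContext (runAsNonRoot, runAsUser,
runAsGroup) cannot carry it and the field defaults to true. A chart that
renders containerSecurityContext into its Deployment but not into its Job
templates therefore leaves the Job containers with escalation allowed even
when values.yaml says allowPrivilegeEscalation: false.
"""
import json

# Workload kinds and the key path from the object root to the pod spec.
POD_SPEC_PATHS = {
    "Deployment": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}

PRIVILEGED = "privileged container"
NO_APE = "allowPrivilegeEscalation is not set to false (defaults to true)"


def _dig(obj, path):
    """Follow a key path through nested dicts; None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def audit_workload(manifest):
    """Return [(container name, problem)] for one workload object.

    Init containers are checked too: they run before the main containers and
    are just as able to escalate. A pod-level runAsNonRoot does not clear the
    finding, because it does not set the no_new_privs bit that
    allowPrivilegeEscalation=false does.
    """
    path = POD_SPEC_PATHS.get(manifest.get("kind"))
    if path is None:
        return []
    pod_spec = _dig(manifest, path) or {}
    findings = []
    for section in ("initContainers", "containers"):
        for container in pod_spec.get(section) or []:
            sc = container.get("securityContext") or {}
            if sc.get("privileged"):
                # privileged forces allowPrivilegeEscalation=true regardless
                findings.append((container["name"], PRIVILEGED))
            elif sc.get("allowPrivilegeEscalation") is not False:
                findings.append((container["name"], NO_APE))
    return findings


def audit_all(manifests):
    """Map 'Kind/name' -> findings for every workload in a rendered chart."""
    report = {}
    for manifest in manifests:
        findings = audit_workload(manifest)
        if findings:
            report[f"{manifest['kind']}/{manifest['metadata']['name']}"] = findings
    return report


# Constructed sample (not the chart's real output) in the shape of
# `helm template ... | kubectl create --dry-run=client -o json`: a Deployment
# that already renders containerSecurityContext, an admission Job as it
# rendered before the change (pod-level securityContext only), and the same
# Job after it. Names and images are illustrative.
SAMPLE_JSON = r"""[
 {"kind": "Deployment", "metadata": {"name": "metadata-injection"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true, "runAsUser": 2000, "runAsGroup": 2000},
    "containers": [{"name": "injector", "image": "example/injector:1",
      "securityContext": {"allowPrivilegeEscalation": false}}]}}}},
 {"kind": "Job", "metadata": {"name": "admission-create-before"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true, "runAsUser": 2000, "runAsGroup": 2000},
    "containers": [{"name": "create", "image": "example/certgen:1"}]}}}},
 {"kind": "Job", "metadata": {"name": "admission-create-after"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true, "runAsUser": 2000, "runAsGroup": 2000},
    "containers": [{"name": "create", "image": "example/certgen:1",
      "securityContext": {"allowPrivilegeEscalation": false}}]}}}}
]"""

SAMPLES = json.loads(SAMPLE_JSON)

if __name__ == "__main__":
    for workload, findings in audit_all(SAMPLES).items():
        for name, problem in findings:
            print(f"{workload} container={name}: {problem}")
```

Run against real output by piping `helm template` through `kubectl create --dry-run=client -o json` and feeding the `items` list to `audit_all`; only the "before" Job is reported, because the hardcoded pod-level securityContext on the Jobs, however correct, cannot substitute for the container-level field.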

@kondracek-nr kondracek-nr merged commit 4c5398a into main May 15, 2025
29 checks passed
@kondracek-nr kondracek-nr deleted the kondracek/add-sec-context branch May 15, 2025 22:50
kondracek-nr added a commit to dpacheconr/k8s-metadata-injection that referenced this pull request Sep 5, 2025