Cluster-scoped Rollouts should be restricted to user-defined namepaces

[jgwest]

In order to avoid the potential for privilege escalation, cluster administrators (responsible for installing the operator) should specifically identify the namespaces that cluster-scoped Argo Rollouts can be installed to.

The set of valid namespaces for cluster-scoped Argo Rollouts installs is specified (as a comma-separated list) via the CLUSTER_SCOPED_ARGO_ROLLOUTS_NAMESPACES environment variable of the operator.

This allows administrators to ensure that only authorized users have access to those namespaces.

A cluster-scoped Argo Rollouts install -- by virtue of having the requirement of writing to objects across all the cluster-namespaces -- requires a powerful ClusterRole/Binding. It is thus beneficial to set guard rails on who can access the namespace associated with that install.

Fixed by #95