Enable seccomp on containers (CrunchyData#122)

As of Kubernetes v1.19, SecurityContext has a seccompProfile field
that can be set to RuntimeDefault to limit syscalls.

This PR adds that setting to the PGO containers.

Issue [sc-11286]

Author: benjaminjb

helm/install/templates/manager-upgrade.yaml

@@ -38,3 +38,5 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault

helm/install/templates/manager.yaml

@@ -44,3 +44,5 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault

kustomize/install/manager/manager-upgrade.yaml

@@ -32,4 +32,6 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
       serviceAccountName: postgres-operator-upgrade

kustomize/install/manager/manager.yaml

@@ -46,4 +46,6 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
       serviceAccountName: pgo