Backport of NET-5947 Add NET_BIND_SERVICE capability in security context for api-gateway pod on OpenShift into release/1.2.x

[hc-github-team-consul-core]

Backport

This PR is auto-generated from #3070 to be assessed for backporting due to the inclusion of the label backport/1.2.x.

The below text is copied from the body of the original PR.

---

Why this change is needed:
This capability became a requirement for consul-dataplane, which api-gateway uses under the hood, as of hashicorp/consul-dataplane#238. Since the securityContext created for each consul-dataplane Pod was not requesting the NET_BIND_SERVICE capability specifically when deploying onto OpenShift, it was not being granted, and the Pod was failing to start with a permission denied error.

Changes proposed in this PR:

• Always add required NET_BIND_SERVICE capability to the securityContext for each api-gateway Pod

How I've tested this PR:

• Added unit test coverage verifying securityContext is always set appropriately on Pod
• @missylbytes tested it live on OpenShift 4.11 and 4.12 clusters, verifying that the Pod starts up correctly now

How I expect reviewers to test this PR:

• 🤖 tests passing

Checklist:

• Tests added
• CHANGELOG entry added

---

Overview of commits

• fce8305 - 27fe808 - c0fbca9 - ba8bac4 - 9d427b8 - 1b639af

[hashicorp-cla]

All committers have signed the CLA.

[nathancoleman]

Enterprise tests are failing due to issues that are being addressed in #3077

[nathancoleman]

The PR referenced above was merged into main. I've manually backported to release/1.2.x via #3082 and am waiting for that to merge.

[nathancoleman]

Rebasing now that #3082 has merged