There are two modes which we would like ClusterLink to support:
- running in a separate (and privileged) namespace, thus limiting access to administrators; and
- running control and data planes in user namespace (unprivileged deployment)
We need to validate the first use case and ensure that (initial list, more items might be discovered):
- control and data plane run in a dedicated (e.g., clusterlink-system) namespace
- control plane has sufficient (but not too wide) RBAC privileges to, e.g., create Services in other namespaces, watch Pods in other namespaces (for policy attribute determination), etc.
This should likely be related to a more k8s native management (e.g., using CRDs) where per namespace configuration is also possible via (e.g., Export/Import) CRDs. Doing so using the CLI makes separating developer and administrator privileges difficult (e.g., granular roles encoded and managed via CLI token, etc.)
See #28 for CRD discussion
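
One way to check the "sufficient (but not too wide)" requirement above, as an added example that is not ClusterLink code: it compares a ClusterRole's `rules` with the access the issue lists and reports what is missing and what is excess. The `REQUIRED` set, the `get`/`list` verbs assumed alongside `watch`, and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit RBAC rules against the access named in the issue.
# REQUIRED and the sample rule lists are constructed, not the project's manifests.

# (apiGroup, resource, verb) triples; "" is the core API group.
# Assumption: watching Pods is done via list+watch, with get for lookups.
REQUIRED = {
    ("", "services", "create"),
    ("", "pods", "get"), ("", "pods", "list"), ("", "pods", "watch"),
}

def expand(rules):
    """Flatten ClusterRole `rules` into (apiGroup, resource, verb) triples."""
    out = set()
    for rule in rules:
        # Rules without apiGroups (e.g. nonResourceURLs) contribute nothing.
        for group in rule.get("apiGroups", []):
            for res in rule.get("resources", []):
                for verb in rule.get("verbs", []):
                    out.add((group, res, verb))
    return out

def covers(grant, need):
    """True if a granted triple (possibly containing '*') satisfies `need`."""
    return all(g == "*" or g == n for g, n in zip(grant, need))

def audit(rules, required=REQUIRED):
    """Return required triples not granted, and grants beyond what is required."""
    granted = expand(rules)
    missing = {n for n in required if not any(covers(g, n) for g in granted)}
    # Any wildcard, or any triple outside the required set, counts as too wide.
    excess = {g for g in granted if "*" in g or g not in required}
    return {"missing": missing, "excess": excess}

# Constructed samples: a wildcard role, a scoped role, and one lacking Services.
TOO_WIDE = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]
SCOPED = [
    {"apiGroups": [""], "resources": ["services"], "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
]
TOO_NARROW = [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
]

if __name__ == "__main__":
    for name, rules in [("wide", TOO_WIDE), ("scoped", SCOPED), ("narrow", TOO_NARROW)]:
        print(name, audit(rules))
```

The rules can be taken from `kubectl get clusterrole <name> -o json` under the `rules` key; the check does not account for `resourceNames` restrictions or aggregated roles.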