Narrow securityContext and Capabilities and RBAC to the least privileges needed to still work.
Is your feature request related to a problem? Please describe.
When we currently generate a static manifest and also RBAC, we just configure everything which could eventually get used by some code-path in kube-vip. As we already know during manifest generation how kube-vip gets installed, we could narrow down these configs to the bare minimum required to run the pod with the activated code-path.
Describe the solution you'd like
Make some of the generated manifest parts conditional based on the activated feature set the manifest generation is triggered with. Still allow generating a version which supports all code-paths when we are not targeting a specific code-path during generation.
Describe alternatives you've considered
None
Additional context
A similar thing is also discussed in the helm-chart repo of kube-vip: https://github.com/kube-vip/helm-charts/issues/81