improve securityContexts #70

@monrax

From: https://github.com/tigerpeng2001/graylog-helm/blob/main/evaluation.txt

  • Pod-level securityContext exists for Graylog but not for DataNode.
  • Container-level hardening options are not present. E.g.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true    # if application supports it
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault
```

Clusters enforcing restricted Pod Security Standards will reject these workloads.

  • There's no support for configurable securityContext. E.g.

```yaml
# values.yaml
graylog:
  podSecurityContext:
    runAsUser: 1100
    runAsGroup: 1100
    fsGroup: 1100
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    # readOnlyRootFilesystem: false
datanode:
  podSecurityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
```

Then in templates:

```yaml
spec:
  securityContext:
    {{- toYaml .Values.graylog.podSecurityContext | nindent 8 }}
  containers:
    - name: graylog-app
      securityContext:
        {{- toYaml .Values.graylog.containerSecurityContext | nindent 12 }}
```

Or something similar, if a configurable securityContext is ever required.
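A check for the gap the issue describes, added here as an example and not code from graylog-helm or the issue author: it walks a rendered Pod spec (a dict such as `helm template` output parsed with PyYAML) and reports each container that lacks the settings a restricted Pod Security Standards cluster requires. Both sample manifests are constructed; `check_pod` is a hypothetical helper.

```python
# Constructed sample: pod-level context exists, but the container itself has no hardening.
UNHARDENED_POD = {
    "spec": {
        "securityContext": {"runAsUser": 1100, "runAsGroup": 1100, "fsGroup": 1100},
        "containers": [{"name": "graylog-app", "image": "graylog/graylog"}],
    }
}

# Constructed sample: same pod carrying the settings the issue proposes.
HARDENED_POD = {
    "spec": {
        "securityContext": {
            "runAsUser": 1100, "runAsGroup": 1100, "fsGroup": 1100,
            "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "graylog-app", "image": "graylog/graylog",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    }
}


def check_pod(manifest: dict) -> list[str]:
    """Return one finding per missing restricted-profile setting; an empty list means compliant."""
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c.get("name", "<unnamed>"), c.get("securityContext") or {}
        # Container-only fields: they must be set explicitly on every container.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation must be false")
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            findings.append(f"{name}: capabilities.drop must include ALL")
        # Fields that may be inherited from the pod level; a container value overrides it.
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot must be true")
    return findings
```

`check_pod(UNHARDENED_POD)` returns four findings for `graylog-app`; `check_pod(HARDENED_POD)` returns an empty list.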

Labels: improvement (Not a bug, not a feature.)