Add Kubernetes secret RBAC support to Helm chart

[zofer1zohargo]

Add Role and RoleBinding templates for reading Kubernetes secrets.
Bump Helm chart version to 0.16.1.
Fix service account name resolution in _helpers.tpl.

[burningalchemist]

@zofer1zohargo since the RBAC bindings are new to the chart and also simply new template files, let's update the version to 0.17.0, and the appVersion to 0.21.0 (you've added a new provider, so it's technically a new feature).

The CI will break after the change as I haven't made the app release yet. It's ok for now, we may convert the PR to draft. Once it's released, we re-run the PR and merge it. 👍

Please don't forget to run make gen_docs in the helm directory.

[zofer1zohargo]

@zofer1zohargo since the RBAC bindings are new to the chart and also simply new template files, let's update the version to 0.17.0, and the appVersion to 0.21.0 (you've added a new provider, so it's technically a new feature).

The CI will break after the change as I haven't made the app release yet. It's ok for now, we cmay convert the PR to draft. Once it's released, we re-run the PR and merge it. 👍

Please don't forget to run make gen_docs in the helm directory.

Sure I will do that.

[zofer1zohargo]

I made no helm changes to use other values so gen docs made no changes. This means that if you ask sql exporter helm to create service account it will be granted automatically the right to read secrets from the namespace it is installed. We could have done all sorts of helm tricks in helm charts to mount it and process the file later but this eventually implies that we read secrets and deploy time instead of runtime. I find runtime neater so you don't need to deploy again when password changes. I find that creating the role and binding with another flag is an overkill. We can add it later

[burningalchemist]

@zofer1zohargo Yeah, agreed. Ok, then we wait for the release, and re-run the tests and we should be good to go. I'll tag you here 👍