Start using hostUsers where possible #161

@jcpunk

Is your feature request related to a problem? Please describe.
Kubernetes 1.33+ offers user namespaces, which further isolate users from the system and other pods on the same host.

Describe the solution you'd like
I'd like cvmfs-csi to start with an "opt-in" flag where folks could start deploying with hostUsers: false via Helm. Eventually it would be nice to shift this to an "opt-out" flag once Kubernetes 1.32 is no longer on the support matrix.

Note: hostUsers: false doesn't work with kind.

I believe the nodeplugin-daemonset needs to run with system root (hostUsers: true). It would be good to explicitly set that hostUsers: true. In my experience with Kubernetes, explicit is always better than implicit. If the default in Kubernetes becomes user customizable, folks may switch to hostUsers: false by default. Setting the values to a known good state by default should help avoid some foot guns.

It is unclear to me if the controllerplugin Deployment could run as a non-local user.

Describe alternatives you've considered
Patching the resources with Kustomize.

Additional context
https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/
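
An added example, not part of the original issue or the cvmfs-csi project: one way to audit rendered manifests for the "explicit is better than implicit" point, flagging workloads that leave hostUsers unset and those that combine hostUsers: false with hostNetwork, hostPID or hostIPC, which Kubernetes does not allow. The sample manifest and its resource names are constructed.

```python
import json

# Constructed sample shaped like `kubectl get daemonset,deployment -o json`.
# Resource names are hypothetical, not taken from the cvmfs-csi chart.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "DaemonSet", "metadata": {"name": "example-nodeplugin"},
   "spec": {"template": {"spec": {"hostPID": true, "containers": []}}}},
  {"kind": "Deployment", "metadata": {"name": "example-controllerplugin"},
   "spec": {"template": {"spec": {"hostUsers": false, "containers": []}}}},
  {"kind": "Deployment", "metadata": {"name": "example-misconfigured"},
   "spec": {"template": {"spec": {"hostUsers": false, "hostNetwork": true}}}}
]}
""")

# Host namespaces that may not be shared when hostUsers is false.
HOST_NAMESPACES = ("hostNetwork", "hostPID", "hostIPC")


def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload with a pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def audit_host_users(manifest):
    """Return (kind/name, finding) pairs; finding is one of
    implicit (field absent), host (true), userns (false),
    or conflict:<flags> (false plus a shared host namespace)."""
    findings = []
    for obj in manifest.get("items", [manifest]):
        spec = pod_spec(obj)
        ref = f"{obj.get('kind')}/{obj.get('metadata', {}).get('name')}"
        value = spec.get("hostUsers")
        shared = [k for k in HOST_NAMESPACES if spec.get(k) is True]
        if value is None:
            findings.append((ref, "implicit"))
        elif value is False and shared:
            findings.append((ref, "conflict:" + ",".join(shared)))
        else:
            findings.append((ref, "host" if value else "userns"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit_host_users(SAMPLE):
        print(f"{finding:24} {ref}")
```
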
