deploy: add container security context

- deny privilege escalation
- set readonly root fs
- add tmp emptyDir volume

Author: stefanprodan

config/manager/deployment.yaml

@@ -23,6 +23,9 @@ spec:
       - name: manager
         image: fluxcd/source-controller
         imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
         ports:
           - containerPort: 8080
             name: http
@@ -46,6 +49,10 @@ spec:
         volumeMounts:
           - name: data
             mountPath: /data
+          - name: tmp
+            mountPath: /tmp
       volumes:
         - name: data
           emptyDir: {}
+        - name: tmp
+          emptyDir: {}