Fix e2e test RBAC: add bind/escalate verbs

Scoped ServiceAccount clients need `bind` and `escalate` verbs
to create ClusterRoleBindings. The admin client previously used
bypassed this RBAC requirement.

The documentation (docs/concepts/permission-model.md) already specifies
that ServiceAccounts need `bind` and `escalate` verbs for RBAC resources
to install extensions with their own RBAC.

The e2e test template was missing these verbs, causing tests to fail when
using scoped ServiceAccount clients (which properly enforce Kubernetes RBAC)
instead of the admin client.

Author: camilamacedo86

test/e2e/steps/testdata/rbac-template.yaml

@@ -50,7 +50,11 @@ rules:
       - roles
       - clusterrolebindings
       - rolebindings
-    verbs: [ update, create, list, watch, get, delete, patch ]
+    # The bind and escalate verbs allow the ServiceAccount to create role bindings
+    # for roles it doesn't have and grant permissions beyond its own. This is required
+    # because extension bundles contain their own RBAC that must be created.
+    # See docs/concepts/permission-model.md for details on these requirements.
+    verbs: [ update, create, list, watch, get, delete, patch, bind, escalate ]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: [ update, create, list, watch, get, delete, patch ]