
fix tigera-operator secrets RBAC permission for egressgateway #3863

Merged
marvin-tigera merged 2 commits into tigera:master from vara2504:egw_secrets
Apr 4, 2025
@vara2504
Contributor

@vara2504 vara2504 commented Apr 4, 2025

Description

If the operator needs to create, update, or delete a secret in any namespace within the cluster (whether a product-specific or user-specific namespace), it must have a RoleBinding that grants the necessary RBAC permissions for secrets in that namespace.

apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: "2025-04-04T15:10:45Z"
    name: tigera-operator-secrets
    namespace: calico-egress
    ownerReferences:
    - apiVersion: operator.tigera.io/v1
      kind: EgressGateway
      name: egress-gateway-red
      uid: 0dcb2194-0e64-447c-bf2e-a6de8907839c
    - apiVersion: operator.tigera.io/v1
      kind: EgressGateway
      name: egress-gateway-blue
      uid: 03270136-c8b9-4233-9042-7279aecd0cd6
    resourceVersion: "36674"
    uid: 44b58cfe-d7da-407e-8f8a-21f88c2a25dd
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: tigera-operator-secrets
  subjects:
  - kind: ServiceAccount
    name: tigera-operator
    namespace: tigera-operator
kind: List
metadata:
  resourceVersion: ""

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a new feature.
    • enterprise if this PR applies to Calico Enterprise only.
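
A check for the requirement stated in the description, as an added example that is not part of the pull request or the operator's code: given the JSON from `kubectl get rolebindings -A -o json`, it reports which namespaces lack a RoleBinding of the `tigera-operator-secrets` ClusterRole to the operator's ServiceAccount. The ClusterRole and ServiceAccount names come from the RoleBinding above; the `team-a` and `team-b` namespaces and the sample data are constructed.

```python
import json

# Names taken from the RoleBinding shown in the PR description.
CLUSTER_ROLE = "tigera-operator-secrets"
SUBJECT = {"kind": "ServiceAccount", "name": "tigera-operator",
           "namespace": "tigera-operator"}


def binds_operator(rb):
    """True if this RoleBinding grants CLUSTER_ROLE to the operator ServiceAccount."""
    ref = rb.get("roleRef", {})
    if ref.get("kind") != "ClusterRole" or ref.get("name") != CLUSTER_ROLE:
        return False
    return any(
        all(s.get(k) == v for k, v in SUBJECT.items())
        for s in rb.get("subjects") or []
    )


def namespaces_missing_binding(rolebinding_list, required_namespaces):
    """Return the required namespaces with no matching RoleBinding, sorted."""
    covered = {
        item["metadata"]["namespace"]
        for item in rolebinding_list.get("items", [])
        if item.get("kind", "RoleBinding") == "RoleBinding" and binds_operator(item)
    }
    return sorted(set(required_namespaces) - covered)


# Constructed sample in the shape of `kubectl get rolebindings -A -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "RoleBinding",
   "metadata": {"name": "tigera-operator-secrets", "namespace": "calico-egress"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole",
               "name": "tigera-operator-secrets"},
   "subjects": [{"kind": "ServiceAccount", "name": "tigera-operator",
                 "namespace": "tigera-operator"}]},
  {"kind": "RoleBinding",
   "metadata": {"name": "tigera-operator-secrets", "namespace": "team-a"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole",
               "name": "tigera-operator-secrets"},
   "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "team-a"}]}
]}
""")

if __name__ == "__main__":
    # team-a has a binding with the right name but the wrong subject; team-b has none.
    print(namespaces_missing_binding(SAMPLE, ["calico-egress", "team-a", "team-b"]))
```

Matching on `roleRef` and `subjects` rather than on the binding's name catches a RoleBinding that carries the expected name but points at a different subject.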

@marvin-tigera marvin-tigera added this to the v1.39.0 milestone Apr 4, 2025
@vara2504 vara2504 changed the title fix tigera-operator permission error for egressgateway fix tigera-operator secrets RBAC error for egressgateway Apr 4, 2025
@vara2504 vara2504 changed the title fix tigera-operator secrets RBAC error for egressgateway fix tigera-operator secrets RBAC permission for egressgateway Apr 4, 2025
@vara2504 vara2504 marked this pull request as ready for review April 4, 2025 16:13
@vara2504 vara2504 requested a review from a team as a code owner April 4, 2025 16:13
@rene-dekker
Member

/merge-when-ready

@marvin-tigera
Contributor

OK, I will merge the pull request when it's ready, leave the commits as is when I merge it, and leave the branch after I've merged it.

@marvin-tigera marvin-tigera merged commit 90d436e into tigera:master Apr 4, 2025
5 checks passed