[sync] fix: Prevent containers from running as root by removing unnecessary anyuid SCC bindings

[ugiordan]

Description

https://issues.redhat.com/browse/RHOAIENG-18030

This PR addresses the security concern of containers running with root privileges by removing the following ServiceAccounts from default RoleBindings granting the anyuid SCC:

• Notebook
• ModelMesh
• ModelController
• Dashboard

These changes help ensure that containers run with non-root user privileges and comply with security policies. Additionally, this makes the default RoleBinding that assigns the default ServiceAccount to the anyuid SCC unnecessary:

> oc get rolebinding opendatahub -oyaml | yq 'del(.metadata)'
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:openshift:scc:anyuid
subjects:
  - kind: ServiceAccount
    name: default
    namespace: opendatahub

How Has This Been Tested?

Screenshot or short clip

Merge criteria

• You have read the contributors guide.
• Commit messages are meaningful - have a clear and concise summary and detailed explanation of what was changed and why.
• Pull Request contains a description of the solution, a link to the JIRA issue, and to any dependent or related Pull Request.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.

Project coverage is 20.06%. Comparing base (5d47007) to head (16e06d4).
Report is 1 commits behind head on rhoai.

Files with missing lines	Patch %	Lines
pkg/upgrade/upgrade.go	0.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##            rhoai    #1590      +/-   ##
==========================================
- Coverage   20.33%   20.06%   -0.28%     
==========================================
  Files         161      160       -1     
  Lines       11014    10953      -61     
==========================================
- Hits         2240     2198      -42     
+ Misses       8534     8520      -14     
+ Partials      240      235       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ugiordan]

/uncc @etirelli
/cc @zdtsw

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: CFSNM, zdtsw

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [CFSNM,zdtsw]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment