Describe the feature

Currently theres only TenantOwner as a concept. I would like to add one more role which is the TenantReader which gets only viewing permissions to all tenant resources. Theres often Auditor/Operatore roles which needs viewing access to the cluster resources but should not necessary be a Tenant Owner. Another field in the Tenant resource would make it simpler to setup and maintain these roles.

What would the new user story look like?

Tenant CRD gets a new entry "readers" which acts like the "owners" attribute but grants only viewing permissions on the tenant resources.