scylla-operator
Grant scylla operator additional RBAC rules when running on OpenShift
When running on OpenShift, Scylla Operator needs to be given additional RBAC rules, primarily for <resource>/finalizers on resources where we set ownerRefs with blockOwnerDeletion.
Because the user deploying the operator, or the operator rules, may not have wildcard permissions on resources, we can grant the extra rules on platforms that do not have the extensions. This means there have to be separate deploy manifests for the operator on those platforms, and the Operator also has to detect which platform it is running on when granting roles with those permissions to managed service accounts. We can have a flag that sets the platform for the operator, but this can be well autodetected on operator startup by doing a SAR, e.g. on projects.openshift.io.
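As an added illustration (not part of this issue or of the operator's code), the sketch below derives non-wildcard <resource>/finalizers rules from the owner types that get blockOwnerDeletion, and returns them only when the platform enforces the check. The `PolicyRule` and `Owner` types, the `enforced` flag, the sample owners and the `update` verb (the permission the Kubernetes OwnerReferencesPermissionEnforcement admission plugin checks on the owner's finalizers subresource) are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// PolicyRule is a local stand-in for an RBAC rule (assumed type, not k8s.io/api/rbac/v1).
type PolicyRule struct{ APIGroups, Resources, Verbs []string }

// Owner is a resource type used as an ownerRef target with blockOwnerDeletion set.
type Owner struct{ APIGroup, Resource string }

// FinalizerRules returns one rule per API group granting "update" on
// <resource>/finalizers, with no wildcards. It returns nil when the platform
// does not enforce the check, so no extra access is handed out there.
func FinalizerRules(enforced bool, owners []Owner) []PolicyRule {
	if !enforced {
		return nil
	}
	byGroup := map[string]map[string]bool{}
	for _, o := range owners {
		if byGroup[o.APIGroup] == nil {
			byGroup[o.APIGroup] = map[string]bool{}
		}
		byGroup[o.APIGroup][o.Resource+"/finalizers"] = true // set: duplicates collapse
	}
	groups := make([]string, 0, len(byGroup))
	for g := range byGroup {
		groups = append(groups, g)
	}
	sort.Strings(groups) // deterministic output so generated manifests diff cleanly
	rules := make([]PolicyRule, 0, len(groups))
	for _, g := range groups {
		res := make([]string, 0, len(byGroup[g]))
		for r := range byGroup[g] {
			res = append(res, r)
		}
		sort.Strings(res)
		rules = append(rules, PolicyRule{[]string{g}, res, []string{"update"}})
	}
	return rules
}

func main() {
	// Constructed sample owners, not the operator's real list.
	owners := []Owner{{"apps", "statefulsets"}, {"example.com", "widgets"}, {"apps", "statefulsets"}}
	fmt.Printf("%+v\n", FinalizerRules(true, owners))
}
```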