
Conversation

kellenanker7
Contributor

Description of changes

Addresses #80. Put the added Linux capability behind a toggle so the default is a less-privileged container.

Validation steps

  • installed the pre-commit hooks with pre-commit install
  • (optionally) deployed this change to k8s cluster (will install this -devel version after merge)
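One way to express such a toggle in a Helm chart, as an added example that is not this PR's or the chart's own code (the `netAdmin.enabled` value name and the template layout are assumptions):

```yaml
# values.yaml (constructed example; key name is an assumption, not the chart's own)
netAdmin:
  # Off by default, so the chart renders a container without CAP_NET_ADMIN.
  enabled: false

# templates/deployment.yaml, container securityContext excerpt (example, not the chart's template)
# The baseline drops every capability; NET_ADMIN is added only when the operator opts in,
# so a default install never carries it.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
    {{- if .Values.netAdmin.enabled }}
    add:
      - NET_ADMIN
    {{- end }}

# Check the rendered output both ways before releasing (CHART_PATH is a placeholder):
#   helm template CHART_PATH | grep -c NET_ADMIN                          # expect 0
#   helm template CHART_PATH --set netAdmin.enabled=true | grep -c NET_ADMIN   # expect 1
```

On hardened managed clusters the rendered `add: NET_ADMIN` may still be rejected or ineffective by policy, which is the limitation the discussion below describes.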

@kellenanker7 kellenanker7 self-assigned this Oct 9, 2025
@kellenanker7 kellenanker7 requested a review from a team as a code owner October 9, 2025 16:06
@kellenanker7 kellenanker7 added the sdm-client StrongDM Client chart label Oct 9, 2025
@coolguy-5
Contributor

Looks ok, but EKS has been documented as a limitation for VNM in certain configurations. Not sure if we would have the same approach for the helm chart.

We've observed in EKS that even after "including CAP_NET_ADMIN in the container's SecurityContext" it does not resolve the issue.

Also occurs in GCP autopilot clusters. (GKE)
https://cloud.google.com/kubernetes-engine/docs/release-notes#June_22_2023

@marysdm to clarify?

@marysdm

marysdm commented Oct 9, 2025

Re: limitation @coolguy-5 mentioned. This is an issue with all hardened K8s environments (EKS, GKE, AKS, etc.). The respective provider should be consulted by customers for options to allow CAP_NET_ADMIN if desired.

For Docker containers, add the --privileged flag to the docker run command.

For GitHub Actions running in a container, I set privileged as follows:

```yaml
container:
  image: public.ecr.aws/strongdm/client:latest
  options: --privileged
```

Github Actions with Ubuntu runner worked without issue.
