allow approve certificates that are signed by grpc (#1228)

Signed-off-by: Wei Liu <[email protected]>
Co-authored-by: Wei Liu <[email protected]>

Author: openshift-cherrypick-robot

manifests/cluster-manager/hub/registration/clusterrole.yaml

@@ -134,8 +134,9 @@ rules:
   verbs: ["update", "patch"]
 {{end}}
 {{if .GRPCAuthEnabled}}
+# Allow hub to approve/sign certificates that are signed by grpc
 - apiGroups: ["certificates.k8s.io"]
   resources: ["signers"]
   resourceNames: ["open-cluster-management.io/grpc"]
-  verbs: ["sign"]
+  verbs: ["approve", "sign"]
 {{end}}