viking controller ClusterRole is required for read access to IngressClass.

This is necessary even if the controller is otherwise restricted to
a namespace. So we add a new ClusterRole to add the RBAC read rights
(wath, list and get) unconditionally for any controller instance.

charts/viking-controller/templates/clusterrole-ingressclass.yaml

+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "viking-controller.name" . }}-ingressclass
+    helm.sh/chart: {{ template "viking-controller.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  name: viking.uplex.de:{{ template "viking-controller.fullname" . }}-ingressclass
+rules:
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - list
+      - watch
+      - get

charts/viking-controller/templates/clusterrolebinding-ingressclass.yaml

+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "viking-controller.name" . }}-ingressclass
+    helm.sh/chart: {{ template "viking-controller.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  name: {{ template "viking-controller.fullname" . }}-ingressclass
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "viking-controller.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: viking.uplex.de:{{ template "viking-controller.fullname" . }}-ingressclass
+  apiGroup: rbac.authorization.k8s.io