Since we are upgrading from the chart from 1.x to 3.x, several aspects
have changed:

1) admissionController configuration has been moved into its own
section
2) RBAC rules can no longer be injected into the chart, so we need to
provision the ClusterRole and ClusterRoleBinding ourselves. Then, we
attach it the the ServiceAccount created by the Helm chart
3) Probes are no longer configurable (not necessary due to 4)
4) Enable OPA decision logs instead of HTTP logs
5) Between admission.k8s.io/v1beta1 and v1 there are two changes we
need to respect in our "default-system-main" rule: we need to return
the UID send in the request and for the patches need to specify the
patchType (in our case JSON).

The new version of the MGMT chart also includes the fix submitted by
Alex to make cert-manager certs duration configurable:
https://github.com/open-policy-agent/kube-mgmt/pull/120

https://github.com/open-policy-agent/opa/releases/tag/v0.36.1

Required for OKD 4.9 upgrade, since Kubernetes 1.22 removed several beta APIs.