[ENHANCEMENT] Restrict the manager's access permission

[starbops]

While working on #13, I found that virtbmc-controller requires excessive permission to work. From virtbmc-controller's log:

...
manager W1224 15:11:30.504865       1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:kubevirtbmc-system:kubevirtbmc-manager" cannot list resource "pods" in API group "" at the cluster scope
manager E1224 15:11:30.504963       1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Pod: failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:kubevirtbmc-system:kubevirtbmc-manager" cannot list resource "pods" in API group "" at the cluster scope
manager W1224 15:11:38.512892       1 reflector.go:539] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kubevirtbmc-system:kubevirtbmc-manager" cannot list resource "services" in API group "" at the cluster scope
manager E1224 15:11:38.512945       1 reflector.go:147] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Service: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kubevirtbmc-system:kubevirtbmc-manager" cannot list resource "services" in API group "" at the cluster scope

Apparently, the manager requires cluster-scoped permission to access Pods and Services across different namespaces. However, this is unnecessary. KubeVirtBMC only creates and manages virtbmc Pods and Services under the kubevirtbmc-system. Giving its ServiceAccount a ClusterRole power is overkilling. We might want to restrict it to be in the working namespace.