
fix: Replace deprecated kube-rbac-proxy with built-in metrics auth#285

Open
IrvingMg wants to merge 1 commit into shipwright-io:main from IrvingMg:fix/replace-kube-rbac-prox

IrvingMg (Member) commented Mar 8, 2026

Changes

Replaced the kube-rbac-proxy sidecar (the image is no longer available) with controller-runtime's built-in metrics authentication and authorization (filters.WithAuthenticationAndAuthorization).

Key changes:

  • main.go: The metrics endpoint is now served directly on :8443 with TLS and authn/authz; no sidecar is needed.
  • config/default/manager_auth_proxy_patch.yaml: Deleted (this previously injected the sidecar).
  • config/rbac/auth_proxy_role.yaml and auth_proxy_role_binding.yaml: Deleted (permissions moved to Kubebuilder markers and auto-generated into role.yaml).
  • config/manager/manager.yaml: Added the metrics port and bind address (previously injected by the sidecar patch).

Verification:

# Deploy to kind cluster
make deploy IMAGE_REPO=kind.local
kubectl -n shipwright-operator get pods

# Create a ServiceAccount token and bind the account to the metrics-reader role
kubectl create token shipwright-operator -n shipwright-operator > /tmp/sa-token.txt
kubectl create clusterrolebinding metrics-test \
    --clusterrole=shipwright-operator-metrics-reader \
    --serviceaccount=shipwright-operator:shipwright-operator

# Port-forward metrics service (blocks; run the curl commands in a second terminal)
kubectl port-forward -n shipwright-operator svc/shipwright-operator-metrics-service 8443:8443

# Without auth — should return "Unauthorized"
curl -k https://localhost:8443/metrics

# With auth — should return Prometheus metrics
curl -k -H "Authorization: Bearer $(cat /tmp/sa-token.txt)" https://localhost:8443/metrics

/kind bug
/kind cleanup

Fixes #284

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

See the contributor guide for details on coding conventions, GitHub and prow interactions, and the code review process.

Release Notes

NONE
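
The verification steps in the description exercise two outcomes (no token, and a token whose service account is bound to the metrics-reader role). Added example, not code from this PR or from controller-runtime: a standard-library Go model of the authenticate-then-authorize order behind `filters.WithAuthenticationAndAuthorization` (TokenReview, then SubjectAccessReview), which also shows the third outcome, a valid token with no grant. The in-memory maps, token strings and function names are constructed stand-ins and hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed stand-ins for the API server's answers (all names hypothetical).
const operatorSA = "system:serviceaccount:shipwright-operator:shipwright-operator"
var (
	// tokenUsers models TokenReview: bearer token -> authenticated user.
	tokenUsers = map[string]string{"tok-reader": operatorSA, "tok-unbound": "system:serviceaccount:default:default"}
	// metricsReaders models SubjectAccessReview: users allowed to GET /metrics.
	metricsReaders = map[string]bool{operatorSA: true}
)

// withAuthnAuthz authenticates the bearer token first, then authorizes the user.
func withAuthnAuthz(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		user, known := tokenUsers[strings.TrimPrefix(h, "Bearer ")]
		if !strings.HasPrefix(h, "Bearer ") || !known {
			http.Error(w, "Unauthorized", http.StatusUnauthorized) // missing or invalid token
			return
		}
		if !metricsReaders[user] {
			http.Error(w, "Forbidden", http.StatusForbidden) // valid identity, no grant
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends GET /metrics with an optional bearer token and returns the status code.
func probe(token string) int {
	metrics := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "constructed_metric 1") })
	req := httptest.NewRequest(http.MethodGet, "/metrics", nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	withAuthnAuthz(metrics).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(probe(""), probe("tok-unbound"), probe("tok-reader"))
}
```

In the real deployment, a 403 on an otherwise valid token usually means the ClusterRoleBinding to the metrics-reader role is missing, which is why the verification creates one before calling curl.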

@openshift-ci openshift-ci bot added release-note-none kind/bug Categorizes issue or PR as related to a bug. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels Mar 8, 2026
openshift-ci bot (Contributor) commented Mar 8, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign qu1queee for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Signed-off-by: Irving Mondragón <mirvingr@gmail.com>
@IrvingMg IrvingMg force-pushed the fix/replace-kube-rbac-prox branch from 0f4687a to f14cd66 Compare March 8, 2026 12:29
IrvingMg (Member, Author) commented Mar 8, 2026

/cc @hasanawad94

@openshift-ci openshift-ci bot requested a review from hasanawad94 March 8, 2026 12:41
@adambkaplan (Member)

/hold

We are going to merge #283 first, since this swaps the rbac-proxy-image with its new location.

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 9, 2026
@adambkaplan adambkaplan added this to the release-v0.20.0 milestone Mar 9, 2026

Development

Successfully merging this pull request may close these issues.

[BUG] gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 is outdated causing e2e tests to fail

2 participants