Currrently, the KAS audit logs are tailed from a sidecar. This allows anyone with access to the mgmt cluster to access them. Often times however, the person who owns the hostedcluster won't be able to access its namespace in the mgmt cluster.

AC:

• There are configuration options to setup audit log forwarding on the HostedCluster
• Possible audit log destination config should be similiar to what the cluster logging operator offers
• Audit logs arrive when configured

Related slack discussion: https://coreos.slack.com/archives/C02LM9FABFW/p1658859552470629