Red Hat Data Grid: JDG-6214

[Operator] Allow configurable authorization role-mappers #1812


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component: Operator
    • Workaround Exists: User can create/manipulate roles in the DN form so that they match the certificate names.

      The operator automatically configures the role-mapper AND the credentials used by the controllers based upon the client cert strategy configured in the Infinispan CR. The following role-mapper configurations are applied:

      `clientCert: None | Validate` -> `cluster-role-mapper`
      `clientCert: Authenticate` -> `common-name-role-mapper`

      A valid use-case is for a user to adopt the `clientCert: Validate` strategy with a `common-name-role-mapper` to ensure that the CN of the certificate determines the capabilities of the client(s).

      Currently it's not possible for the user to define a custom role-mapper via custom server configuration, as the Operator controllers need to be aware of the desired role-mapper in order to configure their REST client correctly.

      We should add an optional field to the Infinispan CR that allows the role-mapper to be explicitly configured, with the previous defaults applied if the field is omitted.

      Example Infinispan CR configuration:

      ```yaml
      spec:
        security:
          authorization:
            roleMapper: common-name-role-mapper
      ```
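      As an added illustration (not part of this issue or of the Operator's own code), a fuller Infinispan CR for the use-case described above: `clientCert: Validate` combined with an explicitly requested `common-name-role-mapper`, and a role whose name equals the CN in the client certificate. The `spec.security.endpointEncryption.clientCert` and `spec.security.authorization.roles` fields are assumed to follow the existing Infinispan CRD; `spec.security.authorization.roleMapper` is the field proposed in this issue and does not exist yet. Secret names, the role name and the permission list are constructed values.

      ```yaml
      # Added example, not from the issue. Assumes the existing Infinispan CRD fields
      # spec.security.endpointEncryption.clientCert and spec.security.authorization.roles.
      # spec.security.authorization.roleMapper is the field proposed in JDG-6214.
      apiVersion: infinispan.org/v1
      kind: Infinispan
      metadata:
        name: example-infinispan              # constructed name
      spec:
        replicas: 1
        security:
          endpointEncryption:
            type: Secret
            certSecretName: tls-secret        # server keystore secret (constructed name)
            clientCert: Validate              # validate client certs against the trust store
            clientCertSecretName: client-ca   # trust store holding the client CA (constructed name)
          authorization:
            enabled: true
            roleMapper: common-name-role-mapper   # proposed field: override the Validate default (cluster-role-mapper)
            roles:
              - name: reader-app              # must equal the CN of the client certificate
                permissions:                  # constructed permission set
                  - READ
      ```

      Without the `roleMapper` field the Operator would apply `cluster-role-mapper` for `clientCert: Validate`, as described above; with it, the role name only has to match the certificate CN rather than the full DN, and the Operator can configure its controllers' REST client for the same mapper.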

            Ryan Emerson (remerson@redhat.com)