KATA-4177: Dynamic RuntimeClass Management for IBM SE
Project: Openshift sandboxed containers


    • Type: Story
    • Resolution: Unresolved
    • Priority: Medium
    • Tabor #4

      Extension of https://issues.redhat.com/browse/KATA-3968: the plan is to add IBM SE as a known TEE type and accept it as a valid target for the RuntimeClass.

       

      User Story
      As a developer, I want a TEE-specific RuntimeClass extended for IBM SE and created automatically, so that I can deploy confidential workloads with the correct TEE settings.

       

      Description:

      Implement dynamic creation of the kata-cc RuntimeClass based on the TEE hardware detected on the nodes. The operator creates a single RuntimeClass and sets its handler (kata-cc-ibm for IBM SE, alongside the existing TDX and SEV-SNP handlers) and nodeSelector fields to the values appropriate for the detected TEE. This ensures that confidential workloads are scheduled only to nodes with the matching hardware and run under the correct runtime handler. Note that the handler field of a RuntimeClass is immutable: if the detected TEE type changes, kata-cc has to be deleted and recreated rather than updated in place, whereas the scheduling fields (nodeSelector, tolerations) can be changed on the existing object.

       

      Acceptance Criteria:

      • When a single TEE type (IBM SE or TDX or SNP) is detected on nodes in the pool, a RuntimeClass named kata-cc is created.
      • The handler field of the kata-cc RuntimeClass is set to kata-cc-ibm for IBM SE nodes.
      • The nodeSelector of the RuntimeClass is correctly set to the NFD label of the detected TEE (e.g., ibm.feature.node.kubernetes.io/se: "true").
      • The operator correctly cleans up the kata-cc RuntimeClass when the confidential computing feature is disabled or TEE hardware is no longer detected.
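The create, select and clean-up behaviour described above and in the acceptance criteria, as an added Go sketch that is not the operator's code. It uses a simplified RuntimeClass struct in place of the node.k8s.io/v1 client-go type, takes the kata-cc-ibm handler and the ibm.feature.node.kubernetes.io/se label from this story, and uses assumed placeholder handler names and NFD labels for TDX and SEV-SNP. Treating a pool with more than one TEE type as an error is this example's choice; the story only specifies the single-TEE case.

```go
package main

import (
	"fmt"
	"reflect"
)

// TEE names the confidential-computing hardware type detected on a node pool.
type TEE string

const (
	TEENone  TEE = ""
	TEEIBMSE TEE = "ibm-se"
	TEETDX   TEE = "tdx"
	TEESNP   TEE = "sev-snp"
)

// RuntimeClass is a simplified stand-in for node.k8s.io/v1 RuntimeClass with
// only the fields the operator sets; it is not the real client-go type.
type RuntimeClass struct {
	Name         string
	Handler      string
	NodeSelector map[string]string
}

type teeProfile struct{ handler, nfdLabel string }

// IBM SE values are the story's; TDX and SEV-SNP names are assumed placeholders.
var teeProfiles = map[TEE]teeProfile{
	TEEIBMSE: {"kata-cc-ibm", "ibm.feature.node.kubernetes.io/se"},
	TEETDX:   {"kata-cc-tdx", "intel.feature.node.kubernetes.io/tdx"},   // assumed
	TEESNP:   {"kata-cc-snp", "amd.feature.node.kubernetes.io/sev-snp"}, // assumed
}

const RuntimeClassName = "kata-cc"

// DetectTEE reduces the NFD labels of every node in the pool to one TEE type.
// No TEE label yields TEENone. Mixed TEE types are rejected (example's choice),
// because a single kata-cc RuntimeClass can only carry one handler.
func DetectTEE(nodeLabels []map[string]string) (TEE, error) {
	seen := map[TEE]bool{}
	for _, labels := range nodeLabels {
		for tee, p := range teeProfiles {
			if labels[p.nfdLabel] == "true" {
				seen[tee] = true
			}
		}
	}
	if len(seen) > 1 {
		return TEENone, fmt.Errorf("mixed TEE types in pool: %v", seen)
	}
	var found TEE
	for tee := range seen {
		found = tee
	}
	return found, nil
}

// BuildRuntimeClass renders the desired kata-cc RuntimeClass for a TEE type:
// the handler chosen per TEE and the nodeSelector pinned to its NFD label.
func BuildRuntimeClass(tee TEE) (*RuntimeClass, error) {
	p, ok := teeProfiles[tee]
	if !ok {
		return nil, fmt.Errorf("unsupported TEE type %q", tee)
	}
	return &RuntimeClass{
		Name:         RuntimeClassName,
		Handler:      p.handler,
		NodeSelector: map[string]string{p.nfdLabel: "true"},
	}, nil
}

// Reconcile returns the ordered API operations that take the cluster from the
// existing RuntimeClass (nil if absent) to the desired state. RuntimeClass
// handler is immutable, so a handler change is delete + create, never update.
func Reconcile(existing *RuntimeClass, ccEnabled bool, detected TEE) ([]string, error) {
	if !ccEnabled || detected == TEENone {
		if existing != nil {
			return []string{"delete " + existing.Name}, nil
		}
		return nil, nil
	}
	desired, err := BuildRuntimeClass(detected)
	if err != nil {
		return nil, err
	}
	create := "create " + desired.Name + " handler=" + desired.Handler
	switch {
	case existing == nil:
		return []string{create}, nil
	case existing.Handler != desired.Handler:
		return []string{"delete " + existing.Name, create}, nil
	case !reflect.DeepEqual(existing.NodeSelector, desired.NodeSelector):
		return []string{"update " + desired.Name + " nodeSelector"}, nil
	}
	return nil, nil
}
```

The operations are returned as strings so the decision logic can be unit-tested without a fake API server; a real controller would issue the corresponding client-go calls in that order, and the delete-then-create path is what the "update" case in the integration tests has to exercise when the handler differs.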

      Testing Considerations:

      - Unit Tests: RuntimeClass generation with correct specifications for the IBM SE TEE type
      - Unit Tests: node selector and resource requirement settings
      - Integration Tests: RuntimeClass creation/update/deletion based on IBM SE hardware changes
      - Integration Tests: verify that only the appropriate RuntimeClass is created per TEE type, including IBM SE
      - Validation Tests: RuntimeClass YAML structure and field correctness for IBM SE
      - E2E Tests: deploy test pods using the generated RuntimeClass for IBM SE

Assignee / Reporter: AJAY VICTOR (avictor@redhat.com)