Proposed title of this feature request

Enable role-based permissions for multi log forwarder

What is the nature and description of the request?

Using the multi log forwarder, users are able to forward logs from projects they do not have RBAC access to. Example:

• Deploy an instance of Multi-CLF in ns1, added RBAC to allow a serviceaccount in ns1 to collect application logs.
• Adding ns1 and ns2 in the list of CLF inputs namespaces to be forwarded, and both are forwarded.
• Note that the serviceaccount in ns1 has no permissions in ns2 except the clusterrole collect-application-logs

Why does the customer need this? (List the business requirements)

Having RBAC to prevent log forwarding serviceaccounts from forwarding logs from other namespaces is a requirement for the feature to be usable in multi-tenant environments (security and privacy compliance, etc).

List any affected packages or components.

ClusterLogForwarder