Currently, Istio Operator removes istio-reader-clusterrole and the related role binding, so users who deploy multi-cluster can't grant proper privileges for a remote control plane.

Acceptance criteria:
When a user deploys multi-cluster SMCP, Istio Operator creates:
1) ServiceAccount istio-reader-service-account.
2) ClusterRole istio-reader-clusterrole-<smcp-name>.
3) ClusterRoleBinding istio-reader-clusterrole-<smcp-name>.