Task
Resolution: Unresolved
Major
Tracing Sprint # 266, Tracing Sprint # 267 - Release
Background
Created from https://redhat-internal.slack.com/archives/C04BSV48DJS/p1736419254957749
Right now the Observe menu is not enabled for non-admin users. It can be enabled by adding the user to the `cluster-monitoring-view` role. However, this role gives the user access to get all namespaces, which is not what regular users have.
Also, the observability backends use observatorium/api with observatorium/opa, which returns the list of projects a user can access for authorization purposes in the API gateway. Hence, if the user always has access to all namespaces, the RBAC implementation would have to use a different mechanism (object).
The proposal here is to change this behavior and remove the requirement on RBAC to get all namespaces to view the Observe menu with all UI plugins.
Outcomes
[Please list the expected outcomes]
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: "2024-12-10T13:43:50Z"
  labels:
    app.kubernetes.io/managed-by: cluster-monitoring-operator
    app.kubernetes.io/part-of: openshift-monitoring
  name: cluster-monitoring-view
  resourceVersion: "29612"
  uid: 79354a97-7771-435d-82e2-2aefecac7c6c
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - monitoring.coreos.com
  resourceNames:
  - k8s
  resources:
  - prometheuses/api
  verbs:
  - get
  - create
  - update
```
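The effect described in the Background, as an added example (not code from this ticket, OpenShift or observatorium/opa): a simplified RBAC model that uses the rules of `cluster-monitoring-view` shown above. The user `alice`, the namespace names, the project-scoped role and the assumption that a project list is derived from `get` on namespaces are all constructed for illustration.

```python
# Added example: simplified RBAC model, not OpenShift or observatorium/opa code.
# Rules copied from the cluster-monitoring-view ClusterRole on this page.
CLUSTER_MONITORING_VIEW = [
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get"]},
    {"apiGroups": ["monitoring.coreos.com"], "resources": ["prometheuses/api"],
     "resourceNames": ["k8s"], "verbs": ["get", "create", "update"]},
]
# Constructed stand-in for a project-scoped role (hypothetical).
PROJECT_VIEW = [{"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get"]}]

NAMESPACES = ["team-a", "team-b", "openshift-monitoring"]  # constructed cluster


def rule_allows(rule, group, resource, verb, name):
    """True if one RBAC rule permits the request ('*' wildcards honoured)."""
    def match(values, wanted):
        return "*" in values or wanted in values
    names = rule.get("resourceNames")
    return (match(rule["apiGroups"], group)
            and match(rule["resources"], resource)
            and match(rule["verbs"], verb)
            and (not names or name in names))


def can_get_namespace(bindings, user, namespace):
    """bindings: (user, rules, scope); scope None models a ClusterRoleBinding,
    otherwise it is the namespace a RoleBinding lives in."""
    for subject, rules, scope in bindings:
        if subject != user or scope not in (None, namespace):
            continue
        if any(rule_allows(r, "", "namespaces", "get", namespace) for r in rules):
            return True
    return False


def visible_projects(bindings, user):
    """Project list an authorizer derives if it asks 'can user get this ns?'
    (assumption made for this example)."""
    return [ns for ns in NAMESPACES if can_get_namespace(bindings, user, ns)]


BASE = [("alice", PROJECT_VIEW, "team-a")]  # regular user: one project
WITH_MENU = BASE + [("alice", CLUSTER_MONITORING_VIEW, None)]  # Observe enabled

if __name__ == "__main__":
    print("before:", visible_projects(BASE, "alice"))
    print("after: ", visible_projects(WITH_MENU, "alice"))
```

Once the role is bound cluster-wide, the derived project list no longer distinguishes the user's own project from any other, which is why per-project authorization would need a different object to check.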
- blocks: TRACING-3134 RBAC for distributed tracing data on OpenShift (In Progress)
- relates to: OCPBUGS-50693 Show Observe section without PROMETHEUS and MONITORING flags (MODIFIED)
- links to