1. Proposed title of this feature request

Create ServiceAccount and RoleBinding automatically for namespaced EventListeners

2. What is the nature and description of the request?

When namespaceSelector is used in an EventListener, the corresponding ServiceAccount and RoleBinding needed are not created automatically. Instead, the pods are returning the following error:

{"level":"fatal","ts":"2021-11-17T07:53:17.182Z","logger":"eventlistener","caller":"eventlistenersink/main.go:104","msg":"Error reading ConfigMap config-observability-triggers","knative.dev/controller":"eventlistener","error":"configmaps \"config-observability-triggers\" is forbidden: User \"system:serviceaccount:sre-tekton-pipelines:sre-tekton-pipelines-sa\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"sre-tekton-pipelines\"","stacktrace":"main.main\n\t/opt/app-root/src/go/src/github.com/tektoncd/triggers/cmd/eventlistenersink/main.go:104\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:203"}

The request would be to be able to get this automatic as well as it happens when namespaceSelector is not used.

The upstream documentation does not include instructions to do this manually. Therefore, my understanding is that this is probably implemented there.

3. Why does the customer need this? (List the business requirements here)

Otherwise, they have to create the objects manually and that implies additional workload.

4. List any affected packages or components.

OpenShift Pipelines.