Documentation snippet:

Users don't need to do anything when they try to run a Knative Service with root or use privileged capabilities eg. use privileged ports, other than using anyuid scc or a custom scc linked to their workload service account. This has not changed under PSS.
It is a known issue that users will get warnings (in audit logs) regarding their workloads wrt PSA compliance on OCP <=4.12 but these will be resolved in future OCP versions 4.13+ by OCP. Note that Knative services are run with restricted-v2 scc by default unless user changes that eg. by using some other scc.