Backport of NET-5186 Add NET_BIND_SERVICE to built-in PSPs for consul-dataplane deployments into release/1.0.x

[hc-github-team-consul-core]

Backport

This PR is auto-generated from #2890 to be assessed for backporting due to the inclusion of the label backport/1.0.x.

The below text is copied from the body of the original PR.

---

Changes proposed in this PR:
PodSecurityPolicy needs to add the NET_BIND_SERVICE capability for any Deployment that includes consul-dataplane.

A search for these in the consul-k8s repo yields:

How I've tested this PR:

1. Create a GKE cluster with PodSecurityPolicy enforcement enabled

$ gcloud beta container clusters create cluster-1 --cluster-version=1.24 --enable-pod-security-policy

3. Deploy Consul with PodSecurityPolicy enabled as well as the various gateway types and the telemetry collector

global:
  enablePodSecurityPolicies: true
telemetryCollector:
  enabled: true
meshGateway:
  enabled: true
terminatingGateways:
  enabled: true
ingressGateways:
  enabled: true
  gateways:
  - name: ingress-gateway
    service:
      type: LoadBalancer
      ports:
      - port: 80

4. Verify that dataplane container in ingress-gateway, mesh-gateway, terminating-gateway and telemetry-collector pods successfully starts up. A failure scenario looks like exec /usr/local/bin/consul-dataplane: operation not permitted.

How I expect reviewers to test this PR:

Checklist:

• Tests added
• CHANGELOG entry added

---

Overview of commits

• 358750b

[hashicorp-cla]

All committers have signed the CLA.

[nathancoleman]

Matches source PR except for the telemetry collector which doesn't exist in this version