Permissions Check for Custom Service Accounts #718
Description
Is your feature request related to a problem? Please describe.
Currently the RBAC provided in the helm chart is geared around the user using the default terraform-system/terraform-executor service account. If they define another service account via a Provider CRD, they need to ensure the service account has the correct RBAC permissions. At the moment this isn't obvious and leads to errors.
Describe the solution you'd like
Short-term we can update the docs - a better solution would be to check the service account has the correct permission in the first place and work on the Provider CRD status.
Additional context
We could use a SubjectAccessReview to check the permissions of the service account and ensure it's fit for purpose.