Configure terminal pods to adhere to PSS and allow only required capabilities

[dimityrmirchev]

What would you like to be added:
As of now terminal pods do not set much of the Pod Security Standards controls. It would be beneficial if these pods adhere to the PSS as much as possible, i.e. allow only required capabilities. Such configuration would include (non-exhaustive list of settings(Pod Security Context reference)):

• dropping container capabilities and only allowing required capabilities
• running as non root when possible (runAsNonRoot )
• setting the SeccompProfile to RuntimeDefault
• forbid allowPrivilegeEscalation
• set readOnlyRootFilesystem if possible
• consider mounting volumes as readonly if possible

[gardener-ci-robot]

The Gardener project currently lacks enough active contributors to adequately respond to all issues.
This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 60d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 60d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as active with /lifecycle active
• Mark this issue as frozen with /lifecycle frozen
• Mark this issue as fresh with /remove-lifecycle stale
• Mark this issue as rotten with /lifecycle rotten
• Close this issue with /close

/lifecycle stale