@puretension
Contributor

Description

Fixes #3414 - Add possibility to customize Role rules for application-controller when running in namespace-scoped environments with security constraints. This follows the same pattern as the existing clusterRoleRules feature and addresses the need for custom RBAC rules in namespace-scoped deployments.

Changes

  • Add controller.roleRules.enabled configuration option (default: false)
  • Add controller.roleRules.rules array for custom RBAC rules
  • Update Role template to conditionally use custom rules when enabled
  • Maintain backward compatibility with existing default rules

Usage

controller:
  roleRules:
    enabled: true
    rules:
      - apiGroups:
        - ""
        resources:
        - pods
        verbs:
        - get
        - list
        - watch
      - apiGroups:
        - apps
        resources:
        - replicasets
        verbs:
        - get
        - list

Testing

  • Tested with default configuration (existing behavior preserved)
  • Tested with custom roleRules enabled
  • Helm template rendering verified for both scenarios

Checklist:

  • I have bumped the chart version according to versioning
  • I have updated the documentation according to documentation
  • I have updated the chart changelog with all the changes that come with this pull request according to changelog.
  • Any new values are backwards compatible and/or have sensible defaults.
  • I have signed off all my commits as required by DCO.
  • I have created a separate pull request for each chart according to pull requests
  • My build is green (troubleshooting builds).

Add possibility to customize Role rules for application-controller
when running in namespace-scoped environments with security constraints.

This follows the same pattern as the existing clusterRoleRules feature:
- controller.roleRules.enabled: Enable custom rules (default: false)
- controller.roleRules.rules: List of custom RBAC rules

Fixes argoproj#3414

Signed-off-by: puretension <[email protected]>

- Bump chart version from 8.5.0 to 8.6.0
- Update changelog with roleRules feature
- Regenerate README.md with helm-docs

Signed-off-by: puretension <[email protected]>
@puretension
Contributor Author

Sorry for the confusion!
I had to close this PR due to merge conflicts with the main branch.

I've created a new PR with the same changes based on the latest upstream main branch to avoid conflicts: #3500

Please review the new PR instead. Thank you for your understanding! 🙏
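
An added example, not part of the pull request or the chart: a pre-deployment audit of a `controller.roleRules` values block like the one under Usage, flagging custom RBAC rules that undo the least-privilege intent (wildcards, escalation verbs, read access to Secrets). The function name, the finding strings and the over-broad sample are assumptions made for illustration, and the values are embedded as already-parsed dicts rather than read from a values file.

```python
# Added example: audit an already-parsed `controller.roleRules` values block.
WILDCARD = "*"
# Kubernetes RBAC verbs that let a subject raise its own or others' privileges.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
READ_VERBS = {"get", "list", "watch", WILDCARD}


def audit_role_rules(values):
    """Return (rule_index, finding) tuples for controller.roleRules."""
    role_rules = values.get("controller", {}).get("roleRules", {})
    if not role_rules.get("enabled", False):
        return []  # chart default rules apply; no custom rules to audit
    rules = role_rules.get("rules") or []
    if not rules:
        return [(None, "enabled but rules list is empty")]
    findings = []
    for i, rule in enumerate(rules):
        groups = set(rule.get("apiGroups") or [])
        resources = set(rule.get("resources") or [])
        verbs = set(rule.get("verbs") or [])
        for field, vals in (("apiGroups", groups), ("resources", resources), ("verbs", verbs)):
            if WILDCARD in vals:
                findings.append((i, "wildcard in " + field))
        risky = sorted(verbs & ESCALATION_VERBS)
        if risky:
            findings.append((i, "escalation verb: " + ",".join(risky)))
        # Secrets live in the core API group, written as "" in RBAC rules.
        if "secrets" in resources and groups & {"", WILDCARD} and verbs & READ_VERBS:
            findings.append((i, "read access to secrets"))
    return findings


# The values from the Usage section of the pull request, as parsed YAML.
PR_USAGE = {"controller": {"roleRules": {"enabled": True, "rules": [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["apps"], "resources": ["replicasets"], "verbs": ["get", "list"]},
]}}}

# Constructed over-broad values, for contrast (not from the pull request).
OVER_BROAD = {"controller": {"roleRules": {"enabled": True, "rules": [
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["roles"],
     "verbs": ["bind", "escalate"]},
]}}}

if __name__ == "__main__":
    for name, vals in (("PR_USAGE", PR_USAGE), ("OVER_BROAD", OVER_BROAD)):
        print(name, audit_role_rules(vals))
```

The Usage values from the pull request produce no findings; the constructed block is flagged on every rule.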

Development

Successfully merging this pull request may close these issues.

[argo-cd] add possibility to customized role on application-controller/server
