Grant the privileges required for graceful shutdowns to the admin user in the OPA rego rules

[siegfriedweber]

Description

Grant the privileges required for graceful shutdowns to the admin user in the OPA rego rules

Required for #574

Definition of Done Checklist

• Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
• Please make sure all these things are done and tick the boxes

# Author
- [x] Integration tests passed (for non trivial changes)

# Reviewer
- [x] Code contains useful comments
- [ ] Code contains useful logging statements
- [x] (Integration-)Test cases added
- [ ] Documentation added or updated. Follows the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs-style-guide).
- [ ] Changelog updated
- [x] Cargo.toml only contains references to git tags (not specific commits or branches)

# Acceptance
- [ ] Feature Tracker has been updated
- [ ] Proper release label has been added
- [ ] [Roadmap](https://github.com/orgs/stackabletech/projects/25/views/1) has been updated

[siegfriedweber]

✅ https://ci.stackable.tech/view/02%20Operator%20Tests%20(custom)/job/trino-operator-it-custom/119/

[sbernauer]

The idea and change LGTM. However, I would prefer if we don't slam just every permission on the admin user, but would only add the need permissions, rw on system_information in this case. I know this might make the rules a bit more complicated...

I would be even happier if we would use meanifung names, so not admin but graceful-shutdown for graceful shutdown. But I need to check what happens on TrinoClusters without OPA (will they get a 403?)

[sbernauer]

Many thanks

[sbernauer]

FYI, I'm copying the new rule to the end-to-end-security demo. I hope they will not be changed before merging