Add support for running the operator in "namespace scope"

[tiesmaster]

Currently, this operator can only run in "cluster scope", AFAICT. So it requires cluster roles, and cluster role bindings. This gives issues in our multi-tenant environment environment, and prevents us from allowing our customers to install this operator.

What do I mean by "cluster scope" vs "namespaced scope"? This is probably well-known in the community, but just to clarify. The Operator SDK has a good topic on this (I know this operator is built via the controller-runtime, but it's about the concept).

I can work on a PR, if you're interested.