Add missing rbacs

[oshoval]

What this PR does / why we need it:
Lately blockOwnerDeletion was added (finalizer fix PR).
On OpenShift there is an additional protection, that setting blockOwnerDeletion requires
to be able to set finalizers on the owner.
The owner might be either VM or VMI.
Add the missing rbacs.

2024-08-11T10:41:43Z	ERROR	Reconciler error	{"controller": "virtualmachineinstance", "controllerGroup": "kubevirt.io", "controllerKind": "VirtualMachineInstance", "VirtualMachineInstance": {"name":"vma-localnet-ipam-medium-pool","namespace":"localnet-ipam"}, "namespace": "localnet-ipam", "name": "vma-localnet-ipam-medium-pool", "reconcileID": "9d6cb8f1-87be-410b-8b92-3efce065cd2d", "error": "ipamclaims.k8s.cni.cncf.io \"vma-localnet-ipam-medium-pool.ipam-network\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"}

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:
https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement

Seems it will be good to enable OwnerReferencesPermissionEnforcement on kind,
ovn-kubernetes/ovn-kubernetes#4608
For now just used it to make sure i can simulate the bug on kind, and that this PR does solve it.

Checklist

This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.

• Design: A design document was considered and is present (link) or not required
• PR: The PR description is expressive enough and will help future contributors
• Code: Write code that humans can understand and Keep it simple
• Refactor: You have left the code cleaner than you found it (Boy Scout Rule)
• Upgrade: Impact of this change on upgrade flows was considered and addressed if required
• Testing: New code requires new unit tests. New features and bug fixes require at least on e2e test
• Documentation: A user-guide update was considered and is present (link) or not required. You want a user-guide update if it's a user facing feature / API change.
• Community: Announcement to kubevirt-dev was considered

Release note:

[oshoval]

lanes failed due to backoff polling quay.io/kubevirtci/alpine-container-disk-demo:devel_alt
which is weird

/retest

[oshoval]

clean main is also broken #55

[oshoval]

seems #56 fix main branch state
(well at least some tests passed there and didnt before, lets wait for it to finish)

[oshoval]

Thanks Miguel, we would need please #56 first as it blocks the whole CI on this repo
EDIT - we would also need /approve please

[oshoval]

rebased to take the main branch fix

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment