Consider ClusterRole for tap.linkerd.io #3177
Description
PR #3167 introduced a TAP APIService, authorized via RBAC. Aside from cluster-admins, tapping resources now requires new explicit RBAC privileges.
Consider introducing a ClusterRole to give users tap privileges.
Context: #3167 (review)