chore: rollback service account name when upgrading componentdefinition

[cjc7373]

In #8328, pod's serviceaccount name has been changed to kb-{cmpdName} so that pods with the same cmpd can share one serviceaccount. However, this leads to a problem that when upgrading a component's cmpd (by changing the .spec.compDef field in component object), it will trigger a pod restart since serviceaccount has changed.

To avoid pod restarting, we can rollback a serviceaccount change if the underlying policyrules do not change.

An alternate solution is to change the serviceaccount name rule back to kb-{clusterName}-{componentName}. But this way can lead to a pod restart to all existing clusters.

[apecloud-bot]

Auto Cherry-pick Instructions

Usage:
  - /nopick: Not auto cherry-pick when PR merged.
  - /pick: release-x.x [release-x.x]: Auto cherry-pick to the specified branch when PR merged.

Example:
  - /nopick
  - /pick release-1.0

[github-actions]

This PR is stale because it has been open 45 days with no activity. Remove stale label or comment

[codecov]

Codecov Report

❌ Patch coverage is 62.25490% with 77 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.99%. Comparing base (1cd2f9c) to head (36e88f8).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...llers/apps/component/transformer_component_rbac.go	70.83%	28 Missing and 14 partials ⚠️
controllers/apps/componentdefinition_controller.go	33.33%	24 Missing and 2 partials ⚠️
pkg/controller/builder/builder_cluster_role.go	0.00%	7 Missing ⚠️
pkg/constant/pattern.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9518      +/-   ##
==========================================
- Coverage   51.06%   50.99%   -0.08%     
==========================================
  Files         541      542       +1     
  Lines       58340    58510     +170     
==========================================
+ Hits        29793    29837      +44     
- Misses      25611    25720     +109     
- Partials     2936     2953      +17     

Flag	Coverage Δ
unittests	50.99% <62.25%> (-0.08%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cjc7373]

The new approach is:

• add a hash to indicate the policy rule, lifecycle action and restart status
• when a cmpd upgrade happens
  • if the hash has not changed: don't change serviceaccount name
  • if it does change, switch to the new naming rule (kb-{clusterName}-{componentName})
• when a new cluster creates, use the new naming rule