feat: add kubernetes ldap groups

vault's terraform approle doesnt need to access all of these kubernetes
roles, it was just added as a placeholder and access to the kubernetes
roles was via the `vault_admin` to-much-access account. this is an
effort to roll back that and make access more targeted.

- add kubernetes* ldap groups for specific cluster/role combinations
- remove tf_vault from kubernetes* roles

config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_admin.yaml

@@ -0,0 +1,3 @@
+---
+# this file doesnt need anything in it, so this data is just to make sure yamlencode reads some yaml data
+description: foo

config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_operator.yaml

@@ -0,0 +1,3 @@
+---
+# this file doesnt need anything in it, so this data is just to make sure yamlencode reads some yaml data
+description: foo

config/auth_ldap_group/ldap/kubernetes_au_syd1_cluster_root.yaml

@@ -0,0 +1,3 @@
+---
+# this file doesnt need anything in it, so this data is just to make sure yamlencode reads some yaml data
+description: foo

policies/kubernetes/au/syd1/creds/cluster-admin.yaml

@@ -6,5 +6,5 @@ rules:
       - update
 
 auth:
-  approle:
+  ldap:
-    - tf_vault
+    - kubernetes_au_syd1_cluster_admin

policies/kubernetes/au/syd1/creds/cluster-operator.yaml

@@ -6,5 +6,5 @@ rules:
       - update
 
 auth:
-  approle:
+  ldap:
-    - tf_vault
+    - kubernetes_au_syd1_cluster_operator

policies/kubernetes/au/syd1/creds/cluster-root.yaml

@@ -8,3 +8,5 @@ rules:
 auth:
   approle:
     - terraform_k8s
+  ldap:
+    - kubernetes_au_syd1_cluster_root