fix: add watch to validatingwebhookconfigs (#3845)

* fix: add watch to validatingwebhookconfigs

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fix: only patch/update are resource-bound

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

deploy/charts/external-secrets/templates/cert-controller-rbac.yaml

@@ -22,6 +22,8 @@ rules:
     - "validatingwebhookconfigurations"
     verbs:
     - "list"
+    - "watch"
+    - "get"
   - apiGroups:
     - "admissionregistration.k8s.io"
     resources:
@@ -30,8 +32,6 @@ rules:
     - "secretstore-validate"
     - "externalsecret-validate"
     verbs:
-    - "get"
-    - "watch"
     - "update"
     - "patch"
   - apiGroups: