Add apiextensions.k8s.io and dapr.io RBAC permissions to dynamic-rp service account (#11350)

# Description

The `dynamic-rp` service account lacks RBAC permissions required when
deploying Dapr Recipes. Two failures occur:

1. Cannot list CRDs (`apiextensions.k8s.io`) to resolve GVKs for custom
resources
2. Cannot manage Dapr resources (`dapr.io`) in target namespaces

Adds two rule blocks to the `dynamic-rp` ClusterRole:

- **`apiextensions.k8s.io/customresourcedefinitions`** — `get`, `list`,
`watch` (needed to look up GVKs among available CRDs)
- **`dapr.io`** — `components`, `subscriptions`, `configurations`,
`resiliencies` with full CRUD (matches the existing `applications-rp`
pattern for Dapr resource management)

## Type of change

- This pull request fixes a bug in Radius and has an approved issue
(issue link required).

## Contributor checklist
Please verify that the PR meets the following requirements, where
applicable:

<!--
This checklist uses "TaskRadio" comments to make certain options
mutually exclusive.
See:
https://github.com/mheap/require-checklist-action?tab=readme-ov-file#radio-groups
For details on how this works and why it's required.
-->

- An overview of proposed schema changes is included in a linked GitHub
issue.
    - [ ] Yes <!-- TaskRadio schema -->
    - [x] Not applicable <!-- TaskRadio schema -->
- A design document PR is created in the [design-notes
repository](https://github.com/radius-project/design-notes/), if new
APIs are being introduced.
    - [ ] Yes <!-- TaskRadio design-pr -->
    - [x] Not applicable <!-- TaskRadio design-pr -->
- The design document has been reviewed and approved by Radius
maintainers/approvers.
    - [ ] Yes <!-- TaskRadio design-review -->
    - [x] Not applicable <!-- TaskRadio design-review -->
- A PR for the [samples
repository](https://github.com/radius-project/samples) is created, if
existing samples are affected by the changes in this PR.
    - [ ] Yes <!-- TaskRadio samples-pr -->
    - [x] Not applicable <!-- TaskRadio samples-pr -->
- A PR for the [documentation
repository](https://github.com/radius-project/docs) is created, if the
changes in this PR affect the documentation or any user facing updates
are made.
    - [ ] Yes <!-- TaskRadio docs-pr -->
    - [x] Not applicable <!-- TaskRadio docs-pr -->
- A PR for the [recipes
repository](https://github.com/radius-project/recipes) is created, if
existing recipes are affected by the changes in this PR.
    - [ ] Yes <!-- TaskRadio recipes-pr -->
    - [x] Not applicable <!-- TaskRadio recipes-pr -->

<!-- START COPILOT CODING AGENT TIPS -->
---

💡 You can make Copilot smarter by setting up custom instructions,
customizing its development environment and configuring Model Context
Protocol (MCP) servers. Learn more [Copilot coding agent
tips](https://gh.io/copilot-coding-agent-tips) in the docs.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: willtsai <28876888+willtsai@users.noreply.github.com>
Co-authored-by: kachawla <74574173+kachawla@users.noreply.github.com>

(cherry picked from commit 0980cf9)
Signed-off-by: Dariusz Porowski <3431813+DariuszPorowski@users.noreply.github.com>

Author: Copilot

deploy/Chart/templates/dynamic-rp/rbac.yaml

@@ -63,6 +63,33 @@ rules:
   - update
   - watch
 
+# Terraform kubernetes provider needs to look up GVKs among available CRDs.
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+
+# Dapr resources for Recipes deployment.
+- apiGroups:
+  - dapr.io
+  resources:
+  - components
+  - subscriptions
+  - configurations
+  - resiliencies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+
 # Integration with DE's API.
 - apiGroups:
   - apps