control Rancher group/role bindings from workload-cluster sylva-units

This is related to #3127 (closed)

The place where it is more natural to define the binding between a given Keycloak group and a Sylva cluster (a Rancher Cluster.management.cattle.io resource) is from the instantiation of sylva-units of that Sylva cluster.

To achieve this, we discussed the following idea together with @samuelbartel:

  • add a new rancher-group-role-bindings unit (or another name ...) in sylva-units/workload-cluster.values.yaml
  • it will instantiate https://gitlab.com/sylva-projects/sylva-elements/helm-charts/rancher-roles-management, but passing to this chart values only for the role_assignments dicts, and defining only assignments for the current workload cluster

Pseudo-code:

rancher_group_role_bindings:
  group-a:
  - role1
  - role2
  group-b:
  - role1
  - role2

units:
  rancher-group-role-bindings:
    # chart: rancher-roles-management
    helmrelease_spec:
      values:
        role_assignments: |
          {{/* code reading .Values.rancher_group_role_bindings */}}
          {{/* and producing the datastructure expected by rancher-roles-management under role_assignments */}}
          {{- $role_assignments := dict -}}
          {{- range $group,$roles := .Values.rancher_group_role_bindings -}}
            ...
            {{/* inject .Values.cluster.name as key under $group.assignments ... */}}

          {{- end -}}
          {{- $role_assignments | include "preserve-type" -}}
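A runnable sketch of the loop described in the pseudo-code above, added here as an example and not code from sylva-units or rancher-roles-management. It uses Go's text/template (the engine behind Helm templates) with small stand-ins for `dict`, `set` and `toJson`. The output shape (`<group>.assignments.<cluster name>` holding the role list) is an assumption inferred from the pseudo-code comment, and `tmplSrc`, `funcs` and `Render` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// ASSUMPTION: the chart expects role_assignments.<group>.assignments.<cluster> = [roles];
// check the values schema of rancher-roles-management before relying on this shape.
const tmplSrc = `{{- $ra := dict -}}
{{- range $group, $roles := .Values.rancher_group_role_bindings -}}
  {{- /* "." is rebound inside range, so the cluster name is read through "$" */ -}}
  {{- $_ := set $ra $group (dict "assignments" (dict $.Values.cluster.name $roles)) -}}
{{- end -}}
{{- toJson $ra -}}`

// Minimal stand-ins for the dict, set and toJson functions that Helm provides.
var funcs = template.FuncMap{
	"dict": func(kv ...any) map[string]any {
		m := map[string]any{}
		for i := 0; i+1 < len(kv); i += 2 {
			m[fmt.Sprint(kv[i])] = kv[i+1]
		}
		return m
	},
	"set":    func(m map[string]any, k string, v any) map[string]any { m[k] = v; return m },
	"toJson": func(v any) (string, error) { b, err := json.Marshal(v); return string(b), err },
}

// Render evaluates the template against a values tree and returns the result as JSON.
func Render(values map[string]any) (string, error) {
	t, err := template.New("ra").Funcs(funcs).Parse(tmplSrc)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]any{"Values": values})
	return out.String(), err
}

func main() {
	// Constructed sample values, not taken from a real deployment.
	values := map[string]any{
		"cluster":                     map[string]any{"name": "wc-1"},
		"rancher_group_role_bindings": map[string]any{"group-a": []any{"role1", "role2"}},
	}
	fmt.Println(Render(values))
}
```

Because the input carries only group names and roles, every assignment produced is keyed by the current cluster's name, so a workload cluster's values cannot bind a group to a different cluster through this unit.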