capo-gateway-validation fails with insufficient permissions
Summary
On an OpenStack deployment, when defining an additional interface for node VMs, the capo-gateway-validation unit fails.
Steps to reproduce
Define an additional interface on the capo cluster:
values.yaml
[...]
cluster:
[...]
machine_deployments:
md0:
replicas: 3
capo:
failure_domain: nova
network_interfaces:
virt:
network:
id: xxxxx-xxxx-xxxx-xxxx-xxxxxxxx # <= my additional network
What is the current bug behavior?
Kube-job pods are crashing with the following output:
$ k logs capo-gateway-validation-xbgds
Creating Network CRD: capo-network-0 76759c52-f180-4931-ade6-063bfb332006
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "openstack.k-orc.cloud/v1alpha1, Resource=networks", GroupVersionKind: "openstack.k-orc.cloud/v1alpha1, Kind=Network"
Name: "capo-network-0", Namespace: "sylva-system"
from server for: "/tmp/tmp.kjhHmP/capo-network-0.yaml": networks.openstack.k-orc.cloud "capo-network-0" is forbidden: User "system:serviceaccount:sylva-system:capo-gateway-validation-sa" cannot get resource "networks" in API group "openstack.k-orc.cloud" in the namespace "sylva-system"
cleaning up temp dir...
cleaning up Network/Subnet resources...
Error from server (Forbidden): networks.openstack.k-orc.cloud "capo-network-0" is forbidden: User "system:serviceaccount:sylva-system:capo-gateway-validation-sa" cannot delete resource "networks" in API group "openstack.k-orc.cloud" in the namespace "sylva-system"
What is the expected correct behavior?
The capo-gateway-validation script should run properly.
Possible fixes
It is probably linked to a recent change to kube-job permissions.
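
Added example, not part of the original issue or of the project's own code: a small parser that turns the Forbidden lines from the job log above into the narrowest Role covering exactly the denied verbs, as a starting point when reviewing the service account's RBAC. The Role name is a placeholder.

```python
import re
from collections import defaultdict

# The two Forbidden messages from the job log quoted in the issue above.
SAMPLE_LOG = '''\
from server for: "/tmp/tmp.kjhHmP/capo-network-0.yaml": networks.openstack.k-orc.cloud "capo-network-0" is forbidden: User "system:serviceaccount:sylva-system:capo-gateway-validation-sa" cannot get resource "networks" in API group "openstack.k-orc.cloud" in the namespace "sylva-system"
Error from server (Forbidden): networks.openstack.k-orc.cloud "capo-network-0" is forbidden: User "system:serviceaccount:sylva-system:capo-gateway-validation-sa" cannot delete resource "networks" in API group "openstack.k-orc.cloud" in the namespace "sylva-system"
'''

# Wording of the API server's RBAC denial message.
DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" '
    r'cannot (?P<verb>[a-z]+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<ns>[^"]+)")?'
)

def denied_access(log):
    """Return {(sa_namespace, sa_name, target_ns): {(group, resource): {verbs}}}."""
    denied = defaultdict(lambda: defaultdict(set))
    for m in DENIAL.finditer(log):
        subject = (m["sa_ns"], m["sa"], m["ns"])  # ns is None for cluster-scope denials
        denied[subject][(m["group"], m["resource"])].add(m["verb"])
    return denied

def render_roles(log, name="derived-from-denials"):  # hypothetical Role name
    """Render one Role (or ClusterRole) per subject, covering only the denied verbs."""
    docs = []
    for (sa_ns, sa, ns), rules in sorted(denied_access(log).items(), key=str):
        kind = "Role" if ns else "ClusterRole"
        out = ["apiVersion: rbac.authorization.k8s.io/v1", f"kind: {kind}",
               "metadata:", f"  name: {name}"]
        if ns:
            out.append(f"  namespace: {ns}")
        out.append(f"# subject: ServiceAccount {sa_ns}/{sa}")
        out.append("rules:")
        for (group, resource), verbs in sorted(rules.items()):
            out += [f'- apiGroups: ["{group}"]', f'  resources: ["{resource}"]',
                    "  verbs: [" + ", ".join(f'"{v}"' for v in sorted(verbs)) + "]"]
        docs.append("\n".join(out))
    return "\n---\n".join(docs)

if __name__ == "__main__":
    print(render_roles(SAMPLE_LOG))
```

Denials only reveal the verbs the job got far enough to attempt, so the output is a lower bound to review rather than the unit's full permission set.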