Describe the bug

Within the trident-controller deployment, all containers except the csi-resizer have a securityContext specified, which contains a capabilities: drop all. There is no obvious reason why the csi-resizer sidecar should not be able to run with the same securityContext to follow least-privilege best practises. It looks like it might be an oversight that this sidecar does not have it set?

Environment
Provide accurate information about the environment to help us reproduce the issue.

• Trident version: 24.10

Expected behavior

In a standard deployment of Trident, the csi-resizer container should also include a securityContext that drops unneeded privileges, such as

        securityContext:
          capabilities:
            drop:
            - all