Fix Kubernetes RBAC permissions for controller

[JoshuaAFerguson]

…d Templates

The controller-runtime library watches resources at cluster scope by default, requiring a ClusterRole instead of namespace-scoped Role permissions.

• Rename streamspace-controller-crd-reader to streamspace-controller ClusterRole
• Add stream.space resources (sessions, templates) with full CRUD permissions
• Add coordination.k8s.io/leases for leader election
• Update ClusterRoleBinding to reference new ClusterRole name

This fixes the "cannot list resource at the cluster scope" RBAC errors.