Create initial admin RBAC for CNV-QE (openshift#11599)

* Create initial admin RBAC for CNV-QE

* Update RBAC namespace to cnv-qe

* Use user.openshift.io/v1 for Group resource in cnv-qe

services/cnv-qe/OWNERS

@@ -0,0 +1,2 @@
+approvers:
+- sarahbx

services/cnv-qe/README.md

@@ -0,0 +1,10 @@
+# cnv-qe Infrastructure
+
+## Generating an Image Pull Credential
+
+First, log in to [the cluster](https://api.ci.openshift.org/console/catalog). Then, run:
+
+
+```sh
+oc get secrets --namespace cnv-qe -o json | jq '.items[] | select(.type=="kubernetes.io/dockercfg") | select(.metadata.annotations["kubernetes.io/service-account.name"]=="image-puller") | .data[".dockercfg"]' --raw-output | base64 --decode | jq 'with_entries(select(.key == "registry.svc.ci.openshift.org"))'
+```

services/cnv-qe/admin_rbac.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    openshift.io/description: Test infrastructure that supports cnv-qe
+    openshift.io/display-name: cnv-qe CI
+  name: cnv-qe
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: image-puller
+  namespace: cnv-qe
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cnv-qe-image-puller-binding
+  namespace: cnv-qe
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: system:image-puller
+subjects:
+- kind: ServiceAccount
+  namespace: cnv-qe
+  name: image-puller
+---
+kind: Group
+apiVersion: user.openshift.io/v1
+metadata:
+  name: cnv-qe-admins
+users:
+- sarahbx
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cnv-qe-admins-binding
+  namespace: cnv-qe
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: admin
+subjects:
+- kind: Group
+  apiGroup: rbac.authorization.k8s.io
+  name: cnv-qe-admins