Set readOnlyRootFilesystem to true

An immutable root file system prevents applications from writing to their local disk

config/manager/manager.yaml

@@ -56,6 +56,7 @@ spec:
           key: node-role.kubernetes.io/infra
           operator: Exists
       securityContext:
+        readOnlyRootFilesystem: true
         runAsNonRoot: true
       priorityClassName: system-cluster-critical
       containers: