Fix WebHook controller crashing on minishift

[sthaha]

Installing tekton on minishift fails to bring up webhook-controller pod
due missing RBAC policy. Pod logs shows the following error

{
  "level":"error",
  "logger":"webhook",
  "caller":"webhook/webhook.go:310" ,
  "msg":"failed to register webhook"
  "knative.dev/controller":"webhook"
  "error":"failed to create a webhook: mutatingwebhookconfigurations.admissionregistration.k8s.io
      \"webhook.tekton.dev\" is forbidden:
      cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: no RBAC policy matched
 "
"stacktrace":"
  github.com/knative/build-pipeline/vendor/github.com/knative/pkg/webhook.(*AdmissionController).Run
      /usr/local/google/home/jasonhall/go/src/github.com/knative/build-pipeline/vendor/github.com/knative/pkg/webhook/webhook.go:310
  main.main
      /usr/local/google/home/jasonhall/go/src/github.com/knative/build-pipeline/cmd/webhook/main.go:97"
}

This patch fixes it by adding the missing rules for
deployments/finailizer resource to the cluster-role.

Changes

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Includes tests (if functionality changed/added)
• Includes docs (if user facing)
• Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

Updates `tekton-pipelines-admin` clusterrole to have full access to `deployments/finalizers`

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[sthaha]

I signed it!

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[sthaha]

/assign vdemeester

[vdemeester]

/ok-to-test

[shashwathi]

/lgtm

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: shashwathi, sthaha

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [shashwathi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bobcatfish]

(note @sthaha I updated your release note!)

[sthaha]

(note @sthaha I updated your release note!)

Thank you! If you could point me at the commit, I will have release notes updated as well next time I submit a patch.