feat: added securityContext to container spec in edge and cloud workers

cue/components/cloud-worker.cue

@@ -75,6 +75,11 @@ template: {
 							if parameter["readinessProbe"] != _|_ {
 								readinessProbe: parameter.readinessProbe
 							}
+
+							if parameter["securityContext"] != _|_ {
+								securityContext: parameter.securityContext								
+							}
+
 						}
 
 					]
@@ -122,6 +127,27 @@ template: {
 		// +usage=Args to run for the command
 		args?: [...string]
 
+		// +usage=Specifies the SecurityContext of the container
+		securityContext?: {
+			allowPrivilegeEscalation?: bool
+			capabilities?: {
+				add?: [...string]
+				drop?: [...string]
+			}
+			privileged?: bool
+			// procMount currently ununsed
+			// procMount?: string
+			readOnlyRootFilesystem?: bool
+			runAsGroup?: int
+			runAsNonRoot?: bool
+			runAsUser?: int
+			// seLinuxOptions currently ununsed
+			// seLinuxOptions?: {...}
+			// seccompProfile currently ununsed
+			// seccompProfile?: {}
+			// windowsOptions never used
+		}
+
 		// +usage=Define arguments by using environment variables
 		env?: [...{
 			// +usage=Environment variable name

cue/components/edge-worker.cue

@@ -79,6 +79,10 @@ template: {
 							if parameter["readinessProbe"] != _|_ {
 								readinessProbe: parameter.readinessProbe
 							}
+
+							if parameter["securityContext"] != _|_ {
+								securityContext: parameter.securityContext								
+							}
 						}
 
 					]
@@ -132,6 +136,27 @@ template: {
 		// +usage=Args to run for the command
 		args?: [...string]
 
+		// +usage=Specifies the SecurityContext of the container
+		securityContext?: {
+			allowPrivilegeEscalation?: bool
+			capabilities?: {
+				add?: [...string]
+				drop?: [...string]
+			}
+			privileged?: bool
+			// procMount currently ununsed
+			// procMount?: string
+			readOnlyRootFilesystem?: bool
+			runAsGroup?: int
+			runAsNonRoot?: bool
+			runAsUser?: int
+			// seLinuxOptions currently ununsed
+			// seLinuxOptions?: {...}
+			// seccompProfile currently ununsed
+			// seccompProfile?: {}
+			// windowsOptions never used
+		}
+
 		// +usage=Define arguments by using environment variables
 		env?: [...{
 			// +usage=Environment variable name

dev/manifests/applications/examples/edge-nats-box.yaml

@@ -10,6 +10,8 @@ spec:
       type: edge-worker
       properties:
         image: natsio/nats-box:latest
+        imagePullSecrets:
+          - mysecret
         name: nats-box
         runtime:
           - mydevice
@@ -19,6 +21,15 @@ spec:
           - --
         args:
           - "while true; do sleep 1; done;"
+        securityContext:
+          privileged: false
+          capabilities:
+            add:
+              - CAP_SYS_RAWIO
+              - CAP_NET_ADMIN
+            drop:
+              - CAP_KILL
+
       traits:
         - type: edge-network-participant
           properties:

manifests/vela-caps/components/cloud-worker.yaml

@@ -71,6 +71,11 @@ spec:
         						if parameter["readinessProbe"] != _|_ {
         							readinessProbe: parameter.readinessProbe
         						}
+
+        						if parameter["securityContext"] != _|_ {
+        							securityContext: parameter.securityContext
+        						}
+
         					},
 
         				]
@@ -117,6 +122,27 @@ spec:
         	// +usage=Args to run for the command
         	args?: [...string]
 
+        	// +usage=Specifies the SecurityContext of the container
+        	securityContext?: {
+        		allowPrivilegeEscalation?: bool
+        		capabilities?: {
+        			add?: [...string]
+        			drop?: [...string]
+        		}
+        		privileged?: bool
+        		// procMount currently ununsed
+        		// procMount?: string
+        		readOnlyRootFilesystem?: bool
+        		runAsGroup?:             int
+        		runAsNonRoot?:           bool
+        		runAsUser?:              int
+        		// seLinuxOptions currently ununsed
+        		// seLinuxOptions?: {...}
+        		// seccompProfile currently ununsed
+        		// seccompProfile?: {}
+        		// windowsOptions never used
+        	}
+
         	// +usage=Define arguments by using environment variables
         	env?: [...{
         		// +usage=Environment variable name

manifests/vela-caps/components/edge-worker.yaml

@@ -75,6 +75,10 @@ spec:
         						if parameter["readinessProbe"] != _|_ {
         							readinessProbe: parameter.readinessProbe
         						}
+
+        						if parameter["securityContext"] != _|_ {
+        							securityContext: parameter.securityContext
+        						}
         					},
 
         				]
@@ -127,6 +131,27 @@ spec:
         	// +usage=Args to run for the command
         	args?: [...string]
 
+        	// +usage=Specifies the SecurityContext of the container
+        	securityContext?: {
+        		allowPrivilegeEscalation?: bool
+        		capabilities?: {
+        			add?: [...string]
+        			drop?: [...string]
+        		}
+        		privileged?: bool
+        		// procMount currently ununsed
+        		// procMount?: string
+        		readOnlyRootFilesystem?: bool
+        		runAsGroup?:             int
+        		runAsNonRoot?:           bool
+        		runAsUser?:              int
+        		// seLinuxOptions currently ununsed
+        		// seLinuxOptions?: {...}
+        		// seccompProfile currently ununsed
+        		// seccompProfile?: {}
+        		// windowsOptions never used
+        	}
+
         	// +usage=Define arguments by using environment variables
         	env?: [...{
         		// +usage=Environment variable name