Currently, only cluster wide admins have the permissions to view
metrics resources. This fixes it by adding a read-only cluster role
which includes aggregation labels to synthesize permission rules for
standard user-facing roles according to [1].

Note that only the "pods" resource is granted as reading "nodes"
metrics requires a cluster wide permission.

[1] https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles