Tags: manuelwallrapp/results
tkn-results: Add service account based auth. The Result API accepts bearer token auth, which is then checked against the cluster. For human accounts, this means accepting a token that likely has much higher privilege than the Result API needs. As an alternative, this adds support for fetching a service account bearer token as a delegate for Result operations - the service account is expected to have much finer permissions, reducing the scope / blast radius of the credential. This change:
- Adds a service_account config field
- Refactors client creation to allow for fake dependencies (i.e. k8s client) to be injected for tests.
- Adds tests for token generation, SSL cert reading.
Add results-release service account. This service account includes the Workload Identity annotations (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to) to map this to a corresponding GCP Service Account. Workload Identity is already enabled for the dogfooding cluster.
Move top level docs to docs folder. This is necessary for the Tekton website to render this page properly (it assumes everything is rooted in 1 folder). GitHub supports rendering project READMEs stored in the docs folder (https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-readmes) so this should have minimal impact on the browser UX.