RBAC encode

Add support for specifying an RBAC_FILE variable to deploy jobs.

Specifying a filepath e.g. rbac.yaml will cause the job to base64 encode the yaml snippet into an environment variable that can then be passed to a sidecar container.

Example rbac.yaml:

rules:
  action: DENY
  policies:
    "iwoca-tech":
      permissions:
        - not_rule:
          header: { name: "X-Iwoca-Groups", contains_match: '"tech"' }
      principals:
      - any: true