Merge pull request #64281 from wangzhen127/es-seccomp

Automatic merge from submit-queue (batch tested with PRs 64281, 62991). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Use default seccomp profile for flutend-elasticsearch addons

**What this PR does / why we need it**:
This PR sets the default seccomp profile to 'docker/default' for:
- fluentd-es daemon set.
- kibana-logging deployment.

The elasticsearch-logging stateful set is still unconfined because it uses gce:podsecuritypolicy:privileged.

This PR is a followup of #62662. We are using 'docker/default' instead of 'runtime/default' in addons in order to handle node version skew. When seccomp profile is applied automatically by default later, we can remove those annotations.

This is PR is part of #39845.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml

@@ -71,6 +71,7 @@ spec:
       # Note that this does not guarantee admission on the nodes (#40573).
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
+        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
       priorityClassName: system-node-critical
       serviceAccountName: fluentd-es

cluster/addons/fluentd-elasticsearch/kibana-deployment.yaml

@@ -16,6 +16,8 @@ spec:
     metadata:
       labels:
         k8s-app: kibana-logging
+      annotations:
+        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
       containers:
       - name: kibana-logging