feat: enable pod protection based on storage classes

this commit introduces a new customization on the existing PodsWithPVC
protection. this new customization allow users to make pods that refer
to a given storage class unevictable.

for example, to protect pods referring to `storage-class-0` and
`storage-class-1` this configuration can be used:

```yaml
apiVersion: "descheduler/v1alpha2"
kind: "DeschedulerPolicy"
profiles:
- name: ProfileName
  pluginConfig:
  - name: "DefaultEvictor"
    args:
      podProtections:
        extraEnabled:
        - PodsWithPVC
        config:
          PodsWithPVC:
            protectedStorageClasses:
            - name: storage-class-0
            - name: storage-class-1
```

changes introduced by this pr:

1. the descheduler starts to observe persistent volume claims.
1. a new api field was introduced to allow per pod protection config.
1. rbac had to be adjusted (+persistentvolumeclaims).

pkg/framework/plugins/defaultevictor/validation.go

@@ -72,6 +72,17 @@ func ValidateDefaultEvictorArgs(obj runtime.Object) error {
 		if hasDuplicates(args.PodProtections.ExtraEnabled) {
 			allErrs = append(allErrs, fmt.Errorf("PodProtections.ExtraEnabled contains duplicate entries"))
 		}
+
+		if slices.Contains(args.PodProtections.ExtraEnabled, PodsWithPVC) {
+			if args.PodProtections.Config != nil && args.PodProtections.Config.PodsWithPVC != nil {
+				protectedsc := args.PodProtections.Config.PodsWithPVC.ProtectedStorageClasses
+				for i, sc := range protectedsc {
+					if sc.Name == "" {
+						allErrs = append(allErrs, fmt.Errorf("PodProtections.Config.PodsWithPVC.ProtectedStorageClasses[%d] name cannot be empty", i))
+					}
+				}
+			}
+		}
 	}
 
 	return utilerrors.NewAggregate(allErrs)