Update default k8s admission controller list

There are two issues with the current k8s admission controller list:

1. The existing default list is not consistent between when the user
passes in extra controllers and when they do not.
2. The existing list is out of date.

The new list is based on the following considerations:
1. Get the default list based on k8s v1.16.x[1] because it's the
oldest supported version.
2. Keep it consistent whether or not the user passes in extra controllers
3. Keep all the admission controllers we have used in the code

[1] https://v1-16.docs.kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#which-plugins-are-enabled-by-default

Task: 40767
Story: 2008076

Change-Id: Ie5b89b97710d2e2d41c9ce4f3ec30046390acbeb
Feilong Wang 2020-08-27 13:24:27 +12:00
parent c556b8964f
commit a837b5c03d
2 changed files with 2 additions and 2 deletions

@ -60,7 +60,7 @@ cat > /etc/kubernetes/apiserver <<EOF
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379,http://127.0.0.1:4001"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NodeRestriction,${ADMISSION_CONTROL_LIST}"
KUBE_API_ARGS=""
EOF
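
Review bot: the new KUBE_ADMISSION_CONTROL line prepends NodeRestriction unconditionally and joins it to ${ADMISSION_CONTROL_LIST} with a literal comma, and nothing in the hunk guards the two edge cases. An empty list produces `NodeRestriction,` with a trailing comma, and a user-supplied list that already names NodeRestriction produces a duplicate entry. Suggest building the value before the heredoc: append the user list only when it is non-empty, and skip the prefix when NodeRestriction is already present. Separately, the line keeps the --admission-control flag, which upstream deprecated in favour of --enable-admission-plugins; since the default is now taken from the v1.16 documentation, it is worth confirming that the flag is still accepted by every Kubernetes version this script is meant to support.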

@ -222,7 +222,7 @@ parameters:
type: string
description: >
List of admission control plugins to activate
default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
default: "NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,PersistentVolumeClaimResize,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,RuntimeClass"
kube_allow_priv:
type: string
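
Review bot: the new default adds SecurityContextDeny, which the previous default in this same hunk did not contain, so clusters created without an explicit value will start rejecting pods that set the security-context fields that plugin denies. That is a behaviour change for anyone relying on the template default and should be called out in a release note. The description is also incomplete: it still reads only "List of admission control plugins to activate", while the apiserver script always prepends NodeRestriction to this value, so the effective list differs from what the parameter shows. Suggest stating in the description that NodeRestriction is added automatically and should not be repeated here.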