fix(argo-workflows): Server only needs get Secrets (#2211)

- as of aa366db345, the Server no longer needs `list` or `watch` and only uses `get`
  - this was released as part of [v3.4.0](https://github.com/argoproj/argo-workflows/blob/master/CHANGELOG.md#v340-rc1-2022-08-09), and the current version of the chart uses v3.4.9 (per `Chart.yaml#appVersion`)

- `update` is not needed either for SSO secret
  - manifests RBAC: a68ea0feab/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml (L18)
  - SSO source code only uses [`create`](20d0923611/server/auth/sso/sso.go (L140)) and [`get`](20d0923611/server/auth/sso/sso.go (L151))
    - (also some `get`s above that for [`clientID`](20d0923611/server/auth/sso/sso.go (L127)) and [`clientSecret`](20d0923611/server/auth/sso/sso.go (L106)) as well)

Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
Co-authored-by: Aikawa <yu.croco@gmail.com>
Co-authored-by: Jason Meridth <jmeridth@gmail.com>

charts/argo-workflows/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v3.4.9
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.32.1
+version: 0.32.2
 icon: https://argoproj.github.io/argo-workflows/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@@ -16,5 +16,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: added
+    - kind: fixed
-      description: Add support for executor args
+      description: Removed Secrets list and watch from Server RBAC

charts/argo-workflows/templates/server/server-cluster-roles.yaml

@@ -47,7 +47,6 @@ rules:
   - sso
   verbs:
   - get
-  - update
 - apiGroups:
   - ""
   resources:
@@ -71,8 +70,6 @@ rules:
   - secrets
   verbs:
   - get
-  - list
-  - watch
 {{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }}
   {{- with .Values.server.sso.rbac.secretWhitelist }}
   resourceNames: {{- toYaml . | nindent 4 }}