[CONNECT] Allow use of rbac and service account creation without requiring launcher be enabled

[jforest]

When trying to create a service account using

rbac:
    create: True
    serviceAccount:
        create: True
        name: connect-sa
        annotations:
            eks.amazonaws.com/role-arn: <my-arn-here>

it became clear that we cannot create a service account in this method without enabling launcher because of this line. I am able to work around it thanks to @colearendt by using extraObjects to create the service account, making sure to specify it's name in the rbac values, because it's used later here even though we cannot create that service account that way.

It would be nice if we could support creating the service account without requiring launcher being enabled.

[lachlansimpson]

This issue is seen in Support ticket #95319

[dbkegley]

For future reference:

rbac:
  serviceAccount:
    name: <service-account-name>
extraObjects:
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::<account>:role/<id>
      name: <service-account-name>