[CASCL-1397] datadog: allow cluster-agent to read dd-cluster-info

[L3n41c]

What this PR does / why we need it:

Grants the Cluster Agent get/list/watch on the dd-cluster-info ConfigMap (gated by datadog.orchestratorExplorer.enabled), so it can read the cluster-info snapshot written by kubectl datadog autoscaling cluster install (see DataDog/datadog-operator#2945, #2980).

This RBAC rule unblocks the orchestrator-check enhancement tracked in DataDog/datadog-agent#51107, which surfaces per-node management info (Fargate / Karpenter / EKS managed node group / ASG / standalone), the autoscaling solutions detected on the cluster, and the EKS cluster ARN to the Datadog back-end through the synthetic Cluster payload.

Kubernetes ignores resourceNames for list/watch verbs, so the rule effectively grants those verbs cluster-wide on configmaps; the agent narrows the result client-side via the app.kubernetes.io/managed-by=kubectl-datadog label and a metadata.name field selector.

The agent degrades gracefully if this rule is absent (logs Forbidden at debug level, leaves the new fields unset). So the two PRs can merge in either order.

Jira: CASCL-1397.

Which issue this PR fixes

n/a

Special notes for your reviewer:

• The Chart version is bumped from 3.198.0 to 3.198.1. The datadog/patch-version label is applied.
• make update-test-baselines was run; 42 baseline manifests now include the new ClusterRole rule.
• helm-docs was not run locally (would require installing helm-docs); the only README change here is the version badge bump, which I updated manually.

Checklist

• All commits are signed and show as "Verified" on GitHub
• Chart Version semver bump label has been added (datadog/patch-version)
• For datadog chart changes, test baselines have been updated (make update-test-baselines)
• For datadog chart changes, received ✅ from a member of your team (pending review)
• CHANGELOG.md has been updated
• Variables are documented in the README.md (no new variables — RBAC-only change)

🤖 Generated with Claude Code