demo: IAA/DSA: deploy with SYS_RAWIO capabilities

stable kernel update added a patch that requires processes to
carry SYS_RAWIO in order to submit IAA/DSA commands.

This isn't enabled for containers by default  so explicitly
request adding it for test deployments.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

demo/dsa-accel-config-demo-pod.yaml

@@ -17,6 +17,9 @@ spec:
     resources:
       limits:
         dsa.intel.com/wq-user-dedicated: 1
-        # In kernels 5.13-5.17, ENQCMD is disabled (is to be reinstated in 5.18)
         # dsa.intel.com/wq-user-shared: 1
+    securityContext:
+      capabilities:
+        add:
+          ["SYS_RAWIO"]
   restartPolicy: Never

demo/iaa-accel-config-demo-pod.yaml

@@ -17,6 +17,9 @@ spec:
     resources:
       limits:
         iaa.intel.com/wq-user-dedicated: 1
-        # In kernels 5.13-5.17, ENQCMD is disabled (is to be reinstated in 5.18)
         # iaa.intel.com/wq-user-shared: 1
+    securityContext:
+      capabilities:
+        add:
+          ["SYS_RAWIO"]
   restartPolicy: Never