Add crio_default_capabilities variables and documentation (#11989)

roles/container-engine/cri-o/templates/crio.conf.j2

@@ -155,17 +155,9 @@ cgroup_manager = "{{ crio_cgroup_manager }}"
 # only the capabilities defined in the containers json file by the user/kube
 # will be added.
 default_capabilities = [
-	"CHOWN",
-	"DAC_OVERRIDE",
-	"FSETID",
-	"FOWNER",
-	"NET_RAW",
-	"SETGID",
-	"SETUID",
-	"SETPCAP",
-	"NET_BIND_SERVICE",
-	"SYS_CHROOT",
-	"KILL",
+{%- for item in crio_default_capabilities %}
+        "{{ item }}",
+{%- endfor %}
 ]
 
 # List of default sysctls. If it is empty or commented out, only the sysctls