Describe the bug
The DaemonSet/microsoft-defender-collector-ds doesn't have any priority class and so is not enforced on the nodes. If nodes are full the defender Pod will not be scheduled.
How can the defender be a GA ready service when it's missing the priority class system-node-critical? An attacker could try to evict the defender Pod to avoid detection.
result of the missing Pod:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 15m (x178 over 6h25m) default-scheduler 0/23 nodes are available: 1 Insufficient cpu. preemption: 0/23 nodes are available: 1 No preemption victims found for incoming pod, 22 Preemption is not helpful for scheduling.
This is a possible security issue if workloads can prevent the defender from being scheduled on nodes.
To Reproduce
Steps to reproduce the behavior:
use all the reserved resources of a node before DaemonSet/microsoft-defender-collector-ds can schedule pods
DaemonSet/microsoft-defender-collector-ds pod is missing on that node
Expected behavior
Follow the Kubernetes guidelines for best practices for important node services and add priorityClass system-node-critical to the Pods. Make sure the Pods are always scheduled.
Environment (please complete the following information):
AKS v1.30.7
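The scheduler event quoted in the report also shows the mechanism: preemption only evicts pods of lower priority than the incoming pod, and a pod template with no priorityClassName is admitted at priority 0, so there can never be a "preemption victim" for it and it stays Pending on a full node. The script below is an added example, not code from the issue or from Microsoft Defender. It takes the JSON shape returned by `kubectl get daemonsets -A -o json`, reports every DaemonSet whose pod template does not use one of the two built-in system-critical classes, and builds the merge patch that adds `system-node-critical`. The DaemonSet list is constructed for illustration; only the Defender DaemonSet name comes from the report, and the images, resources and the other two DaemonSets are invented.

```python
"""Audit DaemonSets for a system-critical priority class and build the fix.

Example code, not part of the original issue or of Microsoft Defender.
Input shape: `kubectl get daemonsets -A -o json` (a v1 List of apps/v1 DaemonSets).
"""
import copy
import json

# Built-in PriorityClasses whose value is above anything a user class can have,
# so a pod using them can preempt ordinary workload pods when a node is full.
CRITICAL_CLASSES = ("system-node-critical", "system-cluster-critical")

# Constructed sample. Only the Defender DaemonSet name is taken from the issue;
# images, resource requests and the other DaemonSets are invented.
SAMPLE_DS_LIST = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {
            "apiVersion": "apps/v1",
            "kind": "DaemonSet",
            "metadata": {"name": "microsoft-defender-collector-ds", "namespace": "kube-system"},
            "spec": {"template": {"spec": {
                # no priorityClassName: the pod is admitted at priority 0
                "containers": [{"name": "collector", "image": "example/collector:1.0",
                                "resources": {"requests": {"cpu": "100m"}}}],
            }}},
        },
        {
            "apiVersion": "apps/v1",
            "kind": "DaemonSet",
            "metadata": {"name": "kube-proxy", "namespace": "kube-system"},
            "spec": {"template": {"spec": {
                "priorityClassName": "system-node-critical",
                "containers": [{"name": "kube-proxy", "image": "example/kube-proxy:1.30"}],
            }}},
        },
        {
            "apiVersion": "apps/v1",
            "kind": "DaemonSet",
            "metadata": {"name": "log-shipper", "namespace": "logging"},
            "spec": {"template": {"spec": {
                "priorityClassName": "high",  # user-defined class, still below the system ones
                "containers": [{"name": "shipper", "image": "example/shipper:2.3"}],
            }}},
        },
    ],
}


def missing_critical_priority(ds_list):
    """Return (namespace, name, priorityClassName) for each DaemonSet whose pod
    template does not use a system-critical class.

    Those pods can be kept Pending by ordinary workloads filling a node: the
    scheduler only preempts pods of lower priority, so with priority 0 (no class)
    or a user-defined class there is no victim it is willing to evict.
    """
    findings = []
    for ds in ds_list.get("items", []):
        meta = ds["metadata"]
        pc = ds["spec"]["template"]["spec"].get("priorityClassName")
        if pc not in CRITICAL_CLASSES:
            findings.append((meta["namespace"], meta["name"], pc))
    return findings


def system_class_allowed(namespace, class_name):
    """The Priority admission plugin admits the built-in system-* classes only
    for pods in kube-system; user-defined classes are allowed in any namespace."""
    return class_name not in CRITICAL_CLASSES or namespace == "kube-system"


def priority_patch(ds, class_name="system-node-critical"):
    """JSON body for `kubectl -n <ns> patch daemonset <name> -p '<body>'`.
    priorityClassName is a scalar, so strategic and plain merge patches agree."""
    ns, name = ds["metadata"]["namespace"], ds["metadata"]["name"]
    if not system_class_allowed(ns, class_name):
        raise ValueError(f"{class_name} is not admitted outside kube-system ({ns}/{name})")
    return json.dumps({"spec": {"template": {"spec": {"priorityClassName": class_name}}}})


def apply_priority_class(ds, class_name="system-node-critical"):
    """Return a copy of the DaemonSet with the patch applied, leaving the input untouched."""
    json.loads(priority_patch(ds, class_name))  # reuse the admission check above
    fixed = copy.deepcopy(ds)
    fixed["spec"]["template"]["spec"]["priorityClassName"] = class_name
    return fixed


if __name__ == "__main__":
    for ns, name, pc in missing_critical_priority(SAMPLE_DS_LIST):
        print(f"{ns}/{name}: priorityClassName={pc!r}, not system-critical")
        if system_class_allowed(ns, "system-node-critical"):
            ds = next(d for d in SAMPLE_DS_LIST["items"] if d["metadata"]["name"] == name)
            print(f"  kubectl -n {ns} patch daemonset {name} -p '{priority_patch(ds)}'")
```

Run it against a real cluster with `kubectl get daemonsets -A -o json | python3 -c 'import json,sys; ...'` feeding the parsed list to `missing_critical_priority`; anything reported in kube-system is a candidate for the patch, while findings outside kube-system need a user-defined PriorityClass because the admission plugin rejects the system classes there. Verify the result with `kubectl -n kube-system get pods -o custom-columns=NAME:.metadata.name,PRIO:.spec.priority`: the patched pods should show a non-zero priority and the FailedScheduling event from the report should stop recurring.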
mblaschke-daimlertruck changed the title from "[BUG] DaemonSet/microsoft-defender-collector-ds doesn't have priority class (not ensured for scheduling)" to "[BUG] DaemonSet/microsoft-defender-collector-ds doesn't have priority class (not ensured for scheduling, potential security issue)" on Feb 14, 2025