Add crio_default_capabilities variables and documentation (#11989)

roles/container-engine/cri-o/defaults/main.yml

@@ -99,3 +99,17 @@ crio_man_files:
 
 # If set to true, it will enable the CRIU support in cri-o
 crio_criu_support_enabled: false
+
+# Configure default_capabilities in crio.conf
+crio_default_capabilities:
+  - CHOWN
+  - DAC_OVERRIDE
+  - FSETID
+  - FOWNER
+  - NET_RAW
+  - SETGID
+  - SETUID
+  - SETPCAP
+  - NET_BIND_SERVICE
+  - SYS_CHROOT
+  - KILL