Better defaults for intermediary Pod data mover

[chipzoller]

Need to beef up the security posture of the internal Pod data mover so it has things like:

• No use of ubuntu:latest
• Passes the Pod Security Standards restricted profile
• Contains basic and standard metadata
  • Standard labels are needed