fix(rbac): allow listing nodes for VM migration #2399

Open
danilrwx wants to merge 1 commit into main from fix/migration/not-enough-permissions-console

Contributor

@danilrwx danilrwx commented May 25, 2026

Description

Grant virtualization users permission to list and watch Kubernetes Nodes when executing virtual machine operations.

The Console migration dialog checks canI({ resource: 'nodes' }, ['list', 'watch']) before enabling the "Migrate to the selected node" option and uses the node list to build available migration targets.

Why do we need it, and what problem does it solve?

Users with VM operation permissions could initiate migration to an arbitrary node, but the Console disabled migration to a selected node with a "Not enough rights" tooltip because the role did not include Node list/watch permissions.

This fix aligns virtualization RBAC with the Console permission check and allows eligible users to select a target node for VM migration.

What is the expected result?

  1. Open a running VM migration dialog in Console as a user with virtualization operation permissions.
  2. Verify that "Migrate to the selected node" is enabled outside CE edition.
  3. Select an available target node and start migration.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: module
type: fix
summary: Allow users with VM operation permissions to select a target node for virtual machine migration in Console.
impact_level: low

@danilrwx danilrwx marked this pull request as ready for review May 25, 2026 07:03
@danilrwx danilrwx requested a review from Isteb4k as a code owner May 25, 2026 07:03
@danilrwx danilrwx force-pushed the fix/migration/not-enough-permissions-console branch from 18c5b4e to a0792f9 Compare May 25, 2026 07:03
@danilrwx danilrwx added this to the v1.9.0 milestone May 25, 2026
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>

fix(rbac): remove extra node get permission

Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
@danilrwx danilrwx force-pushed the fix/migration/not-enough-permissions-console branch from a0792f9 to 75bf9c2 Compare May 25, 2026 07:05
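
The permission check from the description, as an added example that is not part of this pull request or the project's code: a small evaluator for Kubernetes RBAC rules showing why the option was disabled before the change and that list/watch on nodes is enough without get. The role contents, the `virtualization.example.io` group and the helpers `allowed` and `missingVerbs` are assumptions; this `canI` only mirrors the shape of the Console call.

```javascript
// Added example: a minimal evaluator for Kubernetes RBAC PolicyRules.
// Role contents are constructed; the VM rule's group and resource are hypothetical.
// resourceNames and nonResourceURLs are not modelled here.

// True when a rule field lists the value or the "*" wildcard.
const covers = (list, value) =>
  Array.isArray(list) && (list.includes('*') || list.includes(value));

// RBAC is additive: a request is allowed if any single rule matches its
// API group, resource and verb. Nodes live in the core group "".
function allowed(rules, { group = '', resource, verb }) {
  return rules.some(
    (r) =>
      covers(r.apiGroups, group) &&
      covers(r.resources, resource) &&
      covers(r.verbs, verb)
  );
}

// Same shape as the Console check quoted in the description: every
// requested verb must be allowed, otherwise the option stays disabled.
function canI(rules, target, verbs) {
  return verbs.every((verb) => allowed(rules, { ...target, verb }));
}

// Verbs from `wanted` that the rules do not grant on the target.
function missingVerbs(rules, target, wanted) {
  return wanted.filter((verb) => !allowed(rules, { ...target, verb }));
}

// Constructed "before" role: VM operations only (hypothetical names).
const before = [
  { apiGroups: ['virtualization.example.io'],
    resources: ['virtualmachineoperations'],
    verbs: ['get', 'list', 'watch', 'create'] },
];

// Constructed "after" role: adds list/watch on nodes, and no get.
const after = [
  ...before,
  { apiGroups: [''], resources: ['nodes'], verbs: ['list', 'watch'] },
];

const nodes = { resource: 'nodes' };
console.log(canI(before, nodes, ['list', 'watch'])); // false
console.log(canI(after, nodes, ['list', 'watch']));  // true
console.log(missingVerbs(after, nodes, ['get', 'list', 'watch', 'delete'])); // [ 'get', 'delete' ]
```

`list` already returns full Node objects, so leaving out `get` narrows the verbs granted rather than the node data a user can read.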