Description of problem:
Can't create app when push code to init gitserver repo due to forbidden error.

The default oc client in git server pod is 
oc version 
oc v3.7.1+de12586-31
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

And Qe need test this feature with 3.5 and 3.4, so the client compatibility issue conduct this bug


Works on above 3.6 env

Version-Release number of selected component (if applicable):
openshift v3.5.5.31.66
kubernetes v1.5.2+43a9be4

openshift v3.4.1.44.52
kubernetes v1.4.0+776c994

docker.io/openshift/origin-gitserver:latest (c788ff7985e7)

How reproducible:
always

Steps to Reproduce:
1.Create a git server app
Follow as https://github.com/openshift/origin/tree/master/examples/gitserver#deploy-the-git-server
2.Push code to the initial git server 

3.

Actual results:
step 2:

$ git push origin master
Username for 'http://git-git.apps.0412-5ej.qe.rhcloud.com': xiuwang
Password for 'http://xiuwang@git-git.apps.0412-5ej.qe.rhcloud.com': 
Counting objects: 290, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (187/187), done.
Writing objects: 100% (290/290), 46.64 KiB | 0 bytes/s, done.
Total 290 (delta 93), reused 281 (delta 89)
remote: Error from server (Forbidden): User "system:serviceaccount:git:git" cannot list build.openshift.io.buildconfigs in project "git"
remote: error: can't lookup images: User "system:serviceaccount:git:git" cannot create image.openshift.io.imagestreamimports in project "git"
remote: error: no match for "centos/ruby-22-centos7"
remote: 
remote: The 'oc new-app' command will match arguments to the following types:
remote: 
remote:   1. Images tagged into image streams in the current project or the 'openshift' project
remote:      - if you don't specify a tag, we'll add ':latest'
remote:   2. Images in the Docker Hub, on remote registries, or on the local Docker engine
remote:   3. Templates in the current project or the 'openshift' project
remote:   4. Git repository URLs or local paths that point to Git repositories
remote: 
remote: --allow-missing-images can be used to point to an image that does not exist yet.
remote: 
remote: See 'oc new-app -h' for examples.
To http://git-git.apps.0412-5ej.qe.rhcloud.com/ruby-hello-world
 * [new branch]      master -> master


Expected results:
Should create app successfully when init git server

Additional info:

$ oc get rolebinding  
NAME                    ROLE                    USERS     GROUPS                       SERVICE ACCOUNTS   SUBJECTS
admin                   /admin                  xiuwang                                                   
edit                    /edit                                                          git                
system:deployers        /system:deployer                                               deployer           
system:image-builders   /system:image-builder                                          builder            
system:image-pullers    /system:image-puller              system:serviceaccounts:git                      
[wxj@dhcp-140-124 ruby-hello-world]$ oc get sa  git -o yaml 
apiVersion: v1
imagePullSecrets:
- name: git-dockercfg-kvp8b
kind: ServiceAccount
metadata:
  creationTimestamp: 2018-04-13T06:11:38Z
  labels:
    app: git
  name: git
  namespace: git
  resourceVersion: "19210"
  selfLink: /api/v1/namespaces/git/serviceaccounts/git
  uid: 86b08309-3ee1-11e8-8560-42010af00002
secrets:
- name: git-dockercfg-kvp8b
- name: git-token-r7z9r