Description of problem:

- Editing settings on the default SCCs does not warn anything. So some customers changed settings and experienced critical issues during update.
- Although the docs warns it (in a very small part), we would like to request more better way to notice by the customer. (It is really difficult to find the docs.)


Version-Release number of selected component (if applicable):
- OCP 3.6 (confirmed with OCP 3.9 as well)


How reproducible: 100%


Steps to Reproduce:
1. Set nfs to volumes in restricted scc

  # oc edit scc restricted
  ```
  volumes:
  ...
  - nfs
  ```

  // nfs was added to restricted
  # oc get scc restricted
  NAME         ...   VOLUMES
  restricted   ...   [configMap downwardAPI emptyDir nfs persistentVolumeClaim projected secret]

NOTE: We know that changing some values in default SCC is bad practice. But there are no warning message and no users can predict that the "additive" settings will be dropped by the update.

2. Update cluster. (e.g 3.5 to 3.6)
 - During the update, "oc adm reconcile-sccs --confirm --additive-only=true" is executed by the playbook.


Actual results:
- The SCC is reconciled and all pods using nfs stopped running.


Expected results:
- We would like to request some warning messages when customers edit the default sccs. (It caused critical outage.)

e.g)
  a. Making default sccs "read only".
  b. When users edit default sccs, OpenShift causes Warning message
  c. OpenShift diagnostics gives the notification


Additional info:

- https://github.com/openshift/origin/pull/19610 is the proposed patch for c), as it is the easiest way atm.

[1] https://docs.openshift.com/container-platform/3.6/admin_guide/manage_scc.html
In order to preserve customized SCCs during upgrades, do not edit settings on the default SCCs other than priority, users, groups, labels, and annotations.