Description of problem:

Having run this pipeline without issue on OpenShift-Pipelines 1.7.3, which uses:

    Tekton Pipelines: v0.33.2
    Tekton Triggers: v0.19.0
    Tekton Chains (tech-preview): v0.8.0
    Tekton Hub (tech-preview): v1.7.3
    Pipelines as Code (tech-preview): v0.5.10

I have then tried upgrading to OpenShift-Pipelines 1.8.0, which uses:

    Tekton Pipelines: v0.37.4
    Tekton Triggers: v0.20.2
    Tekton Chains (tech-preview): v0.9.0
    Tekton Hub (tech-preview): v1.8.0
    Pipelines as Code (tech-preview): 0.10.2

My pipeline no longer runs (and I'm using the same pipeline-run).

It appears the pipeline is trying to run the first four task containers as runAsUser: 0 despite the fact I've not requested this. I then see this error, and this is the bit that makes me believe they are trying to be run as root spec.containers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden.

This is the task log:

```
failed to create task run pod "simple-page-pipeline-74cetx-depcheck-scan": pods "simple-page-pipeline-74cetx-depcheck-scan-pod" is forbidden: 

unable to validate against any security context constraint: [

provider "anyuid": Forbidden: not usable by user or serviceaccount, 
provider "pipelines-scc": Forbidden: not usable by user or serviceaccount, 
provider "ibm-restricted-scc": Forbidden: not usable by user or serviceaccount, spec.containers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden, 
provider "ibm-anyuid-scc": Forbidden: not usable by user or serviceaccount, 
provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, 
provider "ibm-anyuid-hostpath-scc": Forbidden: not usable by user or serviceaccount, 
provider "hostnetwork": Forbidden: not usable by user or serviceaccount, 
provider "hostaccess": Forbidden: not usable by user or serviceaccount, 
provider "ibm-anyuid-hostaccess-scc": Forbidden: not usable by user or serviceaccount, 
provider "node-exporter": Forbidden: not usable by user or serviceaccount, 
provider "ibm-privileged-scc": Forbidden: not usable by user or serviceaccount, 
provider "privileged": Forbidden: not usable by user or serviceaccount

]. Maybe missing or invalid Task tekton-pipelines/depcheck-scan
```

I use this in my pipeline-run:
```
  serviceAccountName: pipelinerunner
  taskRunSpecs:
    - pipelineTaskName: source-to-image-test
      taskServiceAccountName: pipelinesource
```

My first four tasks should all be using pipelinerunner (which is aligned to run via restricted SCC, whereas pipelinesource is aligned to run via anyuid SCC - and used an a latter task that needs to run as root)). Instead they all failed with the error shown above.

The error message appears to show the task didn't try and use restricted SCC, but instead tried the others, all of which aren't permitted to be used by user. The ibm-restricted-scc whilst not permitted, also wasn't a match, given that it thinks the task wants to run as root, and this SCC doesn't permit that.


Version-Release number of selected component (if applicable): 1.8.0


How reproducible: every time. I have reverted to 1.7.3 and it works again, then back to 1.8.0 at it fails.


Steps to Reproduce:
1. Create a pipeline where first task should run via restricted SCC and second task should run via anyuid SCC
2. Include serviceAccountName and taskRunSpecs in pipeline run to ensure correct serviceAccounts are aligned to tasks
3. Run pipeline

Actual results: (See problem description)


Expected results: Pipeline tasks should run via restricted SCC, using pipelinerunner SA


Additional info: