Trust permissions not ready on install hook in sidecar charms

Bug #1942792 reported by David
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| Canonical Juju | Fix Released | High | Harry Pidcock | |

Bug Description

Description of the problem: when deploying a charm with `--trust`, the charm does not have the trust on the `install` hook.

Juju version: 2.9.12

How to reproduce:

```
# install microk8s
# install juju
# bootstrap juju controller to microk8s
sudo snap install charmcraft --classic
git clone https://github.com/charmed-osm/oai-bundle
cd oai-bundle/
git checkout -b bug-trust-on-install
juju add-model test-oai
./deploy.sh

watch -c juju status --color
```

Some of the charms will go to error state, but they will eventually recover.

Logs:

```
unit-smf-0: 17:03:39 ERROR unit.smf/0.juju-log Uncaught exception while in charm code:
Traceback (most recent call last):
  File "./src/charm.py", line 327, in <module>
    main(OaiSmfCharm)
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/ops/main.py", line 404, in main
    framework.reemit()
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/ops/framework.py", line 732, in reemit
    self._reemit()
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/ops/framework.py", line 767, in _reemit
    custom_handler(event)
  File "./src/charm.py", line 90, in _on_install
    self._patch_stateful_set()
  File "./src/charm.py", line 312, in _patch_stateful_set
    s = api.read_namespaced_stateful_set(
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/kubernetes/client/api/apps_v1_api.py", line 7105, in read_namespaced_stateful_set
    return self.read_namespaced_stateful_set_with_http_info(name, namespace, **kwargs) # noqa: E501
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/kubernetes/client/api/apps_v1_api.py", line 7200, in read_namespaced_stateful_set_with_http_info
    return self.api_client.call_api(
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/kubernetes/client/api_client.py", line 348, in call_api
    return self.__call_api(resource_path, method,
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/kubernetes/client/api_client.py", line 180, in __call_api
    response_data = self.request(
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/kubernetes/client/api_client.py", line 373, in request
    return self.rest_client.GET(url,
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/kubernetes/client/rest.py", line 239, in GET
    return self.request("GET", url,
  File "/var/lib/juju/agents/unit-smf-0/charm/venv/kubernetes/client/rest.py", line 233, in request
    raise ApiException(http_resp=r)
kubernetes.client.exceptions.ApiException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '4c44f34e-bfd3-42c9-b0ec-b9d32df30309', 'X-Kubernetes-Pf-Prioritylevel-Uid': '6fbc95b1-c040-46e4-b652-33963521157d', 'Date': 'Mon, 06 Sep 2021 15:03:39 GMT', 'Content-Length': '344'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"statefulsets.apps \"smf\" is forbidden: User \"system:serviceaccount:oai-31:smf\" cannot get resource \"statefulsets\" in API group \"apps\" in the namespace \"oai-31\"","reason":"Forbidden","details":{"name":"smf","group":"apps","kind":"statefulsets"},"code":403}

unit-smf-0: 17:03:39 ERROR juju.worker.uniter.operation hook "install" (via hook dispatching script: dispatch) failed: exit status 1
```
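
A triage helper for the 403 in the log above, as an added example that is not part of the original report or of Juju: it parses the Kubernetes `Status` body to recover the denied subject, verb and resource, then builds the matching `kubectl auth can-i` check. The function names are illustrative, and the regular expression assumes the message wording seen in this log.

```python
import json
import re

# Response body copied from the 403 in the log above.
SAMPLE_BODY = r'''{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"statefulsets.apps \"smf\" is forbidden: User \"system:serviceaccount:oai-31:smf\" cannot get resource \"statefulsets\" in API group \"apps\" in the namespace \"oai-31\"","reason":"Forbidden","details":{"name":"smf","group":"apps","kind":"statefulsets"},"code":403}'''

# Assumption: namespaced denials use the message wording seen in the log above.
_DENIAL = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)"'
    r' in API group "(?P<group>[^"]*)" in the namespace "(?P<namespace>[^"]+)"'
)


def parse_rbac_denial(body):
    """Return the denied access as a dict, or None if body is not such a 403."""
    try:
        status = json.loads(body)
    except (TypeError, ValueError):
        return None
    if not isinstance(status, dict) or status.get("kind") != "Status":
        return None
    if status.get("code") != 403 or status.get("reason") != "Forbidden":
        return None
    match = _DENIAL.search(str(status.get("message", "")))
    if match is None:
        return None
    denial = match.groupdict()
    # Service account subjects look like system:serviceaccount:<namespace>:<name>.
    parts = denial["user"].split(":")
    is_sa = len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]
    denial["service_account"] = parts[3] if is_sa else None
    return denial


def can_i_command(denial):
    """Build the kubectl check for the same verb, resource and subject."""
    resource = denial["resource"]
    if denial["group"]:  # the core API group is the empty string
        resource += "." + denial["group"]
    return ["kubectl", "auth", "can-i", denial["verb"], resource,
            "--as=" + denial["user"], "--namespace=" + denial["namespace"]]


if __name__ == "__main__":
    print(" ".join(can_i_command(parse_rbac_denial(SAMPLE_BODY))))
```

Running the printed command against the cluster reports whether the unit's service account currently holds the permission the hook needed.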

Harry Pidcock (hpidcock)
Changed in juju:
importance: Undecided → High
status: New → In Progress
assignee: nobody → Harry Pidcock (hpidcock)
milestone: none → 2.9-next

Ian Booth (wallyworld)
Changed in juju:
milestone: 2.9-next → 2.9.17
status: In Progress → Fix Committed

Changed in juju:
status: Fix Committed → Fix Released