prevent volume leaks when using non-existing tags

[RomanBednar]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change
/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:

AttachResourceTags in CreateVolume is called too late (after volume is already created) and can fail when invalid tags are used. The idea of the fix is to perform tag checking earlier to make sure AttachResourceTags will pass.

Additionally AttachResourceTags could be patched too to remove ValidateResourceTags call (in extractTags) so we don't validate the tags twice.

Which issue(s) this PR fixes:

Fixes #942

Special notes for your reviewer:

Fix verification

Driver log detected invalid tags in time:

I0521 13:40:23.319534       1 cloud.go:121] GOOGLE_APPLICATION_CREDENTIALS env var set /etc/cloud-sa/service_account.json
I0521 13:40:23.319548       1 cloud.go:125] Using DefaultTokenSource &google.errWrappingTokenSource{src:(*oauth2.reuseTokenSource)(0xc0008716e0)}
E0521 13:40:23.406793       1 utils.go:58] GRPC call: /csi.v1.Controller/CreateVolume, GRPC error: rpc error: code = InvalidArgument desc = [parent1/tagKey1/tagValue1 parent2/tagKey2/tagValue2] tag(s) provided in CreateVolumeRequest does not exist

There is no volume in cloud:

$ gcloud compute disks list --filter="name=(pvc-67730654-feb9-4c70-bf8a-8a8806c1def4)"
Listed 0 items.

PVC deletion works:

oc -n openshift-cluster-csi-drivers delete pvc/pvc-1
persistentvolumeclaim "pvc-1" deleted

Does this PR introduce a user-facing change?:

Using invalid tag in `resource-tags` storage class parameters could cause a volume to be leaked during dynamic volume provisioning. The driver now validates the tags early, before the actual volume creation, to prevent such leaks.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: RomanBednar
Once this PR has been reviewed and has the lgtm label, please assign saikat-royc for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@RomanBednar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-gcp-filestore-csi-driver-kubernetes-integration	df17885	link	true	/test pull-gcp-filestore-csi-driver-kubernetes-integration

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.