feat(config): use projected volume for SA token

[czeslavo]

What this PR does / why we need it:

Ports the changes from helm chart: Kong/charts#722. A projected volume is used instead of a static secret.

That effectively makes our manifests not compatible with Kubernetes < 1.21 versions. According to our support matrix, we already do not support such.

E2E tests run: https://github.com/Kong/kubernetes-ingress-controller/actions/runs/4187269214

Which issue this PR fixes:

Closes #3475.

Special notes for your reviewer:

PR Readiness Checklist:

Complete these before marking the PR as ready to review:

• the CHANGELOG.md release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR

[codecov]

Codecov Report

Base: 72.1% // Head: 72.2% // Increases project coverage by +0.0% 🎉

Coverage data is based on head (78e0490) compared to base (56a11b9).
Patch has no changes to coverable lines.

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #3563   +/-   ##
=====================================
  Coverage   72.1%   72.2%           
=====================================
  Files        127     127           
  Lines      14771   14771           
=====================================
+ Hits       10660   10668    +8     
+ Misses      3434    3427    -7     
+ Partials     677     676    -1     

Impacted Files	Coverage Δ
...nternal/controllers/gateway/tcproute_controller.go	70.0% <0.0%> (-2.0%)	⬇️
...ternal/controllers/gateway/httproute_controller.go	69.7% <0.0%> (-1.9%)	⬇️
internal/dataplane/kongstate/service.go	66.0% <0.0%> (-1.3%)	⬇️
internal/dataplane/parser/parser.go	90.7% <0.0%> (+0.6%)	⬆️
internal/dataplane/kongstate/util.go	92.5% <0.0%> (+1.5%)	⬆️
...nternal/controllers/gateway/udproute_controller.go	73.7% <0.0%> (+2.1%)	⬆️
internal/dataplane/kongstate/kongstate.go	73.9% <0.0%> (+4.5%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[pmalek]

🏅

[pmalek]

Since we're recently making more and more changes that require an e2e pass and we have no way of verifying that outside of the bounds of PRs we should add an e2e run label similarly to what we have for nightly: https://github.com/Kong/kubernetes-ingress-controller/blob/ec17ebcaa39fdfd8a01d960eaaadcc2546e4da9a/.github/workflows/test_nightly.yaml

[seh]

Note that the Secret named "kong-serviceaccount-token" still winds up in the set of generated manifests:

kubernetes-ingress-controller/deploy/single/all-in-one-dbless.yaml

Lines 1593 to 1600 in 8104f58

	apiVersion: v1
	kind: Secret
	metadata:
	annotations:
	kubernetes.io/service-account.name: kong-serviceaccount
	name: kong-serviceaccount-token
	namespace: kong
	type: kubernetes.io/service-account-token

@rainest's #3475 didn't mention removing this Secret, but I took it to be implied.

[czeslavo]

Note that the Secret named "kong-serviceaccount-token" still winds up in the set of generated manifests:

kubernetes-ingress-controller/deploy/single/all-in-one-dbless.yaml

Lines 1593 to 1600 in 8104f58

	apiVersion: v1
	kind: Secret
	metadata:
	annotations:
	kubernetes.io/service-account.name: kong-serviceaccount
	name: kong-serviceaccount-token
	namespace: kong
	type: kubernetes.io/service-account-token

@rainest's #3475 didn't mention removing this Secret, but I took it to be implied.

@seh Thanks for pointing this out, I overlooked it's not needed anymore.