fix: executor plugin sidecar can be injected with sa secrets.

[whybeyoung]

Signed-off-by: maybaby berlinsaint@126.com

Fixes #TODO

[whybeyoung]

By my testing, i found that it create sidecar with automountServiceAccountToken set to false, this means no easy way to communitate with k8s api if want do sth in plugin.

[simster7]

Minor change otherwise LGTM

[alexec]

This is not the correct approach for this. Unfortunatly, we do not want to share the same service account token between plugins as this would result in over-permissioing.

Instead, the service account token will need to be explicitly mounted on the plugin.

I'm going to close this PR, and open an issue laying out the solution.

[alexec]

Ok, so this shows you how to do secrets:

https://github.com/argoproj-labs/argo-workflows-slack-executor-plugin

Do we need to add docs?

[whybeyoung]

Ok, so this shows you how to do secrets:

https://github.com/argoproj-labs/argo-workflows-slack-executor-plugin

Do we need to add docs?
I have read them, but i think we should reopen this or can you provide a better way to allow plugin initialize a kubeclient in the k8s pod, i think we should support plugin serviceaccount's rbac...