
Removed TokenClient and use CSI token propagation #1749


Open. micahhausler wants to merge 1 commit into base: main

Conversation

micahhausler
Member

What type of PR is this?

/kind feature
/kind cleanup

What this PR does / why we need it:

Which issue(s) this PR fixes:
Fixes #585

Special notes for your reviewer:

  • I made the remount behavior dependent on whether requiresRepublish is set in the CSI driver. The default is false, which preserves existing behavior and won't issue new Mount() calls to plugins.
  • The driver already had RBAC permissions to get/list/watch its own CSI Driver resource by name, so no new K8s permissions are needed.
  • Given that 1.24 has been EOL for years, I thought it'd be safe to drop the TokenClient everywhere.
  • By removing the need to create any service account token on all nodes, this is a huge security win: the driver will only propagate the token provided by Kubelet on to the plugins.

TODOs:

  • squashed commits
  • includes documentation
  • adds unit tests
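The description above leans on two Kubernetes CSI mechanics: kubelet projects the service account tokens listed in the CSIDriver's spec.tokenRequests into the NodePublishVolume volume context under the key csi.storage.k8s.io/serviceAccount.tokens (a JSON object keyed by audience), and it only re-delivers fresh tokens when spec.requiresRepublish is true. The Go below is an added illustration of that flow, not code from this PR or from secrets-store-csi-driver: it parses the kubelet-provided token map and applies an assumed remount policy. The ShouldRemount policy, the renewBefore parameter, the ConstructedVolumeContext helper and every token and timestamp value are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// ServiceAccountTokensKey is the VolumeContext key under which kubelet places
// the projected service account tokens when the CSIDriver object lists
// spec.tokenRequests. The value is a JSON object keyed by audience.
const ServiceAccountTokensKey = "csi.storage.k8s.io/serviceAccount.tokens"

// TokenEntry mirrors the per-audience JSON object kubelet emits.
type TokenEntry struct {
	Token               string    `json:"token"`
	ExpirationTimestamp time.Time `json:"expirationTimestamp"`
}

// ParseServiceAccountTokens extracts the kubelet-provided tokens from a
// NodePublishVolume volume context. The driver does not mint tokens itself;
// everything it forwards to a provider plugin came from kubelet.
func ParseServiceAccountTokens(volumeContext map[string]string) (map[string]TokenEntry, error) {
	raw, ok := volumeContext[ServiceAccountTokensKey]
	if !ok || raw == "" {
		return nil, fmt.Errorf("volume context has no %q entry; is spec.tokenRequests set on the CSIDriver?", ServiceAccountTokensKey)
	}
	var tokens map[string]TokenEntry
	if err := json.Unmarshal([]byte(raw), &tokens); err != nil {
		return nil, fmt.Errorf("parsing %s: %w", ServiceAccountTokensKey, err)
	}
	return tokens, nil
}

// ShouldRemount is an assumed rotation policy, not the PR's code: with
// requiresRepublish unset (the Kubernetes default) kubelet never re-delivers
// tokens, so the reconciler keeps the old behaviour and issues no new Mount()
// calls. With it set, kubelet republishes the volume with fresh tokens, and the
// reconciler re-mounts once the token it holds is within renewBefore of expiry.
func ShouldRemount(requiresRepublish bool, tokens map[string]TokenEntry, audience string, now time.Time, renewBefore time.Duration) bool {
	if !requiresRepublish {
		return false
	}
	entry, ok := tokens[audience]
	if !ok {
		return false
	}
	return !now.Before(entry.ExpirationTimestamp.Add(-renewBefore))
}

// ConstructedVolumeContext returns a sample volume context built for this
// example. The token values are placeholders, not real credentials.
func ConstructedVolumeContext() map[string]string {
	return map[string]string{
		"csi.storage.k8s.io/pod.name":      "example-pod",
		"csi.storage.k8s.io/pod.namespace": "default",
		ServiceAccountTokensKey: `{
			"secrets-store.csi.k8s.io": {"token": "<constructed-token-not-real>", "expirationTimestamp": "2025-02-10T21:00:00Z"},
			"vault":                    {"token": "<constructed-token-2-not-real>", "expirationTimestamp": "2025-02-10T21:05:00Z"}
		}`,
	}
}

func main() {
	tokens, err := ParseServiceAccountTokens(ConstructedVolumeContext())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	now := time.Date(2025, 2, 10, 20, 50, 0, 0, time.UTC)
	for audience, entry := range tokens {
		// Log only audience and expiry, never the token itself.
		fmt.Printf("audience=%s expires=%s remount(requiresRepublish=true)=%v\n",
			audience, entry.ExpirationTimestamp.Format(time.RFC3339),
			ShouldRemount(true, tokens, audience, now, 5*time.Minute))
	}
}
```

The point the example makes for reviewers is the one the PR notes make: the node server only ever forwards what kubelet projected, so the driver needs no TokenRequest permission of its own, and with requiresRepublish left at its default the rotation path degrades to today's behaviour.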

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 10, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: micahhausler
Once this PR has been reviewed and has the lgtm label, please assign aramase for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Feb 10, 2025
@codecov-commenter

codecov-commenter commented Feb 10, 2025

Codecov Report

Attention: Patch coverage is 62.79070% with 16 lines in your changes missing coverage. Please review.

Project coverage is 34.85%. Comparing base (87f51ec) to head (2470bb1).
Report is 120 commits behind head on main.

Files with missing lines               Patch %   Lines
cmd/secrets-store-csi-driver/main.go   0.00%     5 Missing ⚠️
pkg/secrets-store/nodeserver.go        42.85%    3 Missing and 1 partial ⚠️
pkg/k8s/driver.go                      88.00%    2 Missing and 1 partial ⚠️
pkg/rotation/reconciler.go             0.00%     2 Missing ⚠️
pkg/secrets-store/secrets-store.go     50.00%    2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1749      +/-   ##
==========================================
- Coverage   35.83%   34.85%   -0.99%     
==========================================
  Files          63       62       -1     
  Lines        3759     4344     +585     
==========================================
+ Hits         1347     1514     +167     
- Misses       2268     2693     +425     
+ Partials      144      137       -7     


@micahhausler micahhausler force-pushed the csi-token-rotate branch 7 times, most recently from b792cc2 to 54d78c3 on February 10, 2025 20:50
@enj
Contributor

enj commented Feb 20, 2025

@micahhausler is this trying to redo #1622 which is almost complete or are they separate?

@micahhausler
Member Author

I hadn't seen #1622 and wanted an excuse to try Cursor. I'm happy to close this and review #1622.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 8, 2025
@k8s-ci-robot
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot
Contributor

@micahhausler: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name                                                Commit   Details  Required  Rerun command
pull-secrets-store-csi-driver-image-scan                 2470bb1  link     false     /test pull-secrets-store-csi-driver-image-scan
pull-secrets-store-csi-driver-e2e-provider-k8s-1-30-10   2470bb1  link     true      /test pull-secrets-store-csi-driver-e2e-provider-k8s-1-30-10
pull-secrets-store-csi-driver-e2e-provider-k8s-1-32-3    2470bb1  link     true      /test pull-secrets-store-csi-driver-e2e-provider-k8s-1-32-3
pull-secrets-store-csi-driver-e2e-provider-k8s-1-31-6    2470bb1  link     true      /test pull-secrets-store-csi-driver-e2e-provider-k8s-1-31-6

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@enj enj moved this to Subprojects - Needs Triage in SIG Auth Apr 29, 2025
@enj enj added this to SIG Auth Apr 29, 2025
@aramase aramase moved this from Subprojects - Needs Triage to In Review in SIG Auth May 5, 2025
Successfully merging this pull request may close these issues.

Using RequiresRepublish for rotation
4 participants