K8SSAND-1803 ⁃ Switch to TokenRequest API for ServiceAccount tokens

[olim7t]

Currently we use a non-expiring token (at first auto-generated, and then explicitly declared when we moved to k8s 1.24 in #681).

The documentation recommends switching to TokenRequest instead:

Tokens obtained from the TokenRequest API are more secure than ones stored in Secret objects, because they have a bounded lifetime and are not readable by other API clients. You can use the kubectl create token command to obtain a token from the TokenRequest API.

You should only create a service account token Secret object if you can't use the TokenRequest API to obtain a token, and the security exposure of persisting a non-expiring token credential in a readable API object is acceptable to you.

We should investigate if and how that API can be used from our controller code.

┆Issue is synchronized with this Jira Task by Unito
┆friendlyId: K8SSAND-1803
┆priority: Medium

[burmanm]

1.22 minimum.