authgear / authgear-server

Open source alternative to Auth0 / Firebase Auth
https://www.authgear.com
Apache License 2.0

Enable authgear deployment to use workload identity federation #4378

Open linear[bot] opened 1 week ago

linear[bot] commented 1 week ago

The objective is to make sure we can use workload identity, not to ban the use of service account keys.

What we need to do:

  1. Enable existing code to transparently resolve to the token provided by workload identity, if it exists.
  2. Change the helm to run as a service account of appropriate separation.
  3. Configure the deployment to have workload identity.
  4. Actually switch to using the workload identity token on compliance-required deployment environment.

linear[bot] commented 1 week ago

DEV-1448 Enable authgear deployment to use workload identity federation