Pulumi ESC is a centralized, secure service for environments, secrets, and configuration management, optimized for multi-cloud infrastructures and applications.
Currently, when using, for example, the ESC SDK, you need to provide the PAT to your program to connect to your different environments. This is fine for most scenarios.
But there is always the risk of accidentally leaking the PAT, giving a potential malicious actor access to a whole lot of environments.
What would be really awesome would be to have an additional way to authenticate, in the form of OIDC and workload identity, similar to what Vault or Infisical is doing!
The SDKs would then be extended to handle the authentication process, including the fetching of identity tokens for the user.
Vote on this issue by adding a 👍 reaction
If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Hello!