Add support for disabling ServiceAccount token automounting (automountServiceAccountToken=false) via Helm values

[iusergii]

Describe the solution you'd like
We are implementing Kubernetes security hardening (CISA/NSA baseline + Microsoft Defender severity model).
One of the Critical controls is to disable automounting of API credentials (ServiceAccount tokens) for workloads that do not require Kubernetes API access.

Currently, the csi-secrets-store-provider-azure Helm chart does not expose a way to set:

• spec.template.spec.automountServiceAccountToken: false (PodSpec), and/or

• automountServiceAccountToken: false on the ServiceAccount resource

Because of that, we cannot comply with cluster policy enforcement without applying out-of-band patches.

[k8s-ci-robot]

This issue is currently awaiting triage.

If secrets-store-csi-driver contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.