feat(azure): implement shared credential cache across azureclient instances

Instead of caching entire client instances, enable sharing the driver's
existing azureCredentials sync.Map across all azureclient instances.

Changes:
- Add CredentialCache *sync.Map to azureclient.Options for external cache
- Add getCredentialCache() method to use external cache when provided
- Modify getCreds() to use shared cache instead of per-client cache
- Pass driver's azureCredentials to all azureclient instances in newAzClient()

This eliminates duplicate credential creation across multiple client instances
while reusing the existing azureCredentials infrastructure. Much simpler than
client instance caching and more efficient for credential reuse.

Author: bryan-cox

pkg/storage/azure/azure.go

@@ -343,6 +343,7 @@ func (d *driver) newAzClient(cfg *Azure, environment autorestazure.Environment,
 		SubscriptionID:     cfg.SubscriptionID,
 		TagSet:             tagset,
 		Policies:           d.policies,
+		CredentialCache:    &d.azureCredentials, // Share the driver's credential cache
 	})
 	if err != nil {
 		return nil, err

pkg/storage/azure/azureclient/azureclient.go

@@ -51,6 +51,7 @@ type Options struct {
 	TagSet             map[string]*string
 	Policies           []policy.Policy
 	Creds              azcore.TokenCredential
+	CredentialCache    *sync.Map // Optional external credential cache to share across instances
 }
 
 type PrivateEndpointCreateOptions struct {
@@ -97,6 +98,14 @@ func New(opts *Options) (*Client, error) {
 	}, nil
 }
 
+// getCredentialCache returns the appropriate credential cache to use - external if provided, otherwise internal
+func (c *Client) getCredentialCache() *sync.Map {
+	if c.opts.CredentialCache != nil {
+		return c.opts.CredentialCache
+	}
+	return &c.azureCredentials
+}
+
 func (c *Client) getCreds(ctx context.Context) (azcore.TokenCredential, error) {
 	if c.creds != nil {
 		return c.creds, nil
@@ -109,9 +118,10 @@ func (c *Client) getCreds(ctx context.Context) (azcore.TokenCredential, error) {
 	userAssignedIdentityCredentialsFilePath := os.Getenv("MANAGED_AZURE_HCP_CREDENTIALS_FILE_PATH")
 	if userAssignedIdentityCredentialsFilePath != "" {
 		var ok bool
+		credCache := c.getCredentialCache()
 
 		// We need to only store the Azure credentials once and reuse them after that.
-		storedCreds, found := c.azureCredentials.Load(azureCredentialsKey)
+		storedCreds, found := credCache.Load(azureCredentialsKey)
 		if !found {
 			klog.V(2).Info("Using UserAssignedIdentityCredentials for Azure authentication for managed Azure HCP")
 			clientOptions := azcore.ClientOptions{
@@ -121,7 +131,7 @@ func (c *Client) getCreds(ctx context.Context) (azcore.TokenCredential, error) {
 			if err != nil {
 				return nil, err
 			}
-			c.azureCredentials.Store(azureCredentialsKey, creds)
+			credCache.Store(azureCredentialsKey, creds)
 		} else {
 			creds, ok = storedCreds.(azcore.TokenCredential)
 			if !ok {