Status: Open
Labels: bug (Something isn't working)

Description
Following the security hardening implemented in Kubernetes via pull request #38708, all unauthenticated HTTP requests are now denied. This change prevents Fulcio from successfully retrieving JSON Web Tokens (JWTs) from the Kubernetes API, leading to authentication failures.
Fulcio is unable to verify signatures, resulting in the following error:

```
,"message":"failed to verify signature: fetching keys oidc: get keys failed: 403 Forbidden {\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"forbidden: User \\\"system:anonymous\\\" cannot get path \\\"/openid/v1/jwks\\\"\",\"reason\":\"Forbidden\",\"details\":{},\"code\":403}\n","requestID":"rB30_-IW","code":"InvalidArgument","clientMessage":"There was an error processing the identity token","error":"failed to verify signature: fetching keys oidc: get keys failed: 403 Forbidden
```
This error indicates that the `system:anonymous` user is forbidden from accessing the `/openid/v1/jwks` path, which Fulcio needs in order to fetch the OIDC keys and verify identity token signatures.
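One remediation a cluster administrator can apply, shown here as an added example that is not from this issue or the Fulcio project: bind the Kubernetes built-in `system:service-account-issuer-discovery` ClusterRole (which grants `get` only on `/openid/v1/jwks` and `/.well-known/openid-configuration`, both of which expose public key material) to the `system:unauthenticated` group, so Fulcio's anonymous JWKS fetch succeeds without re-opening any other API path. The binding name is constructed, and the example assumes the API server still runs with `--anonymous-auth=true`.

```yaml
# Added example (not from the issue or from Fulcio). Restores anonymous read
# access to only the two OIDC discovery endpoints by binding the built-in
# ClusterRole system:service-account-issuer-discovery (get on
# /openid/v1/jwks and /.well-known/openid-configuration) to the
# system:unauthenticated group. Every other API path stays denied to
# system:anonymous. Assumes --anonymous-auth=true on the API server;
# with anonymous auth disabled this binding has no effect.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fulcio-oidc-discovery-unauthenticated   # constructed name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:service-account-issuer-discovery
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:unauthenticated
```

After applying the binding, an unauthenticated GET to `/openid/v1/jwks` on the API server should return the JSON key set instead of the 403 `Status` object quoted above, while `kubectl get --raw /openid/v1/jwks` confirms the authenticated path still works.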