feat: allow proxies to be injected using a native sidecar

[devjoes]

Reason for Change:

Fixes Issue 773 by using native sidecars so that pods exit cleanly when running as cronjobs, currently azwi sidecar prevents the pod from terminating.

It also addresses an annoyance where the first container in the pod is the proxy, so any kubectl commands target that container, previously I was working around this by adding the default-container annotation.

I've kept the current behaviour as the default because this change requires at least k8s 1.28, adding the annotation azure.workload.identity/use-native-sidecar enables native sidecars. But it seems to work well so at some point in the future you could just make this the default behaviour.

No update to deployment.yaml

No change to Helm chart

Requirements

• squashed commits
• included documentation
• added unit tests and e2e tests (if applicable).

Issue Fixed:

Fixes #733

Please answer the following questions with yes/no:

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

• yes
• no

Notes for Reviewers:
Tested on v1.30.0-eks-fff26e3

[devjoes]

@microsoft-github-policy-service agree

[devjoes]

@aramase @enj any update on this PR? I've just rebased it and messaged our MS TAMs to see if they can do anything to get it merged.

[bench]

Hi,
Can we have any news for this PR please :)
@aramase @enj