SPIRE-211: add SPIRE federation support in ZTWIM

[rausingh-rh]

This PR adds native support for SPIRE Federation in the Zero Trust Workload Identity Manager operator, enabling secure cross-cluster workload communication. The operator will manage federation endpoints, automate trust bundle exchange, and support federation between N clusters (where N is limited to a configurable maximum, default 10 clusters per trust domain).

Currently, federation setup is a manual multi-step process requiring direct ConfigMap manipulation, manual trust bundle extraction, and route creation. This enhancement automates the entire federation lifecycle through declarative API configuration.

[openshift-ci-robot]

@rausingh-rh: This pull request references SPIRE-211 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

In response to this:

This PR adds native support for SPIRE Federation in the Zero Trust Workload Identity Manager operator, enabling secure cross-cluster workload communication. The operator will manage federation endpoints, automate trust bundle exchange, and support federation between N clusters (where N is limited to a configurable maximum, default 10 clusters per trust domain).

Currently, federation setup is a manual multi-step process requiring direct ConfigMap manipulation, manual trust bundle extraction, and route creation. This enhancement automates the entire federation lifecycle through declarative API configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bn222 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@rausingh-rh: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.