
Use ExecCredential in kubeconfig generated for CI/CD pipelines #2791

@kwiatekus

Description

Provide a `users` entry for CLI-generated kubeconfigs that piggybacks on the ExecCredential API, so the token is fetched (and refreshed) by an exec plugin instead of being embedded statically:

```yaml
"users":
- "name": "...."
  "user":
    "exec":
      "apiVersion": "client.authentication.k8s.io/v1"
      "args":
      - "-c"
      - |
        set -e -o pipefail
        # Request a GitHub Actions OIDC ID token scoped to the audience expected by the cluster
        OIDC_URL_WITH_AUDIENCE="$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$CLIENT_ID_HERE"
        IDTOKEN=$(curl -sS \
          -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
          -H "Accept: application/json; api-version=2.0" \
          "$OIDC_URL_WITH_AUDIENCE" | jq -r .value)
        [ -n "$IDTOKEN" ] && [ "$IDTOKEN" != "null" ]
        # The JWT payload is base64url (RFC 4648 §5): map '-' and '_' to '+' and '/' before jq decodes it
        EXP_TS=$(printf '%s' "$IDTOKEN" | cut -d. -f2 | tr -- '-_' '+/' | jq -R '@base64d | fromjson | .exp')
        # expirationTimestamp must be RFC 3339 so kubectl knows when to re-run the plugin
        EXP_DATE=$(date -u -d "@$EXP_TS" --iso-8601=seconds)
        # return token back to the credential plugin
        cat << EOF
        {
          "apiVersion": "client.authentication.k8s.io/v1",
          "kind": "ExecCredential",
          "status": {
            "token": "$IDTOKEN",
            "expirationTimestamp": "$EXP_DATE"
          }
        }
        EOF
      "command": "bash"
      "interactiveMode": "Never"
```
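
The two fragile steps in a plugin like this are decoding the base64url JWT payload and trusting the token's lifetime. The following is an added example, not code from the original issue or from the project: a dependency-light POSIX shell version of the `exp` extraction and ExecCredential emission that restores base64url padding, fails closed on an already expired token, and builds a constructed, unsigned sample JWT (`SAMPLE_JWT`, with a hypothetical audience value) to exercise itself. It assumes GNU coreutils (`base64 -d`, `date -d`) and `grep -o`.

```shell
# Decode base64url (RFC 4648 section 5): swap the URL-safe alphabet back and restore '=' padding.
b64url_decode() {
  s=$(printf '%s' "$1" | tr -- '-_' '+/')
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
    1) return 1 ;;   # not a valid base64 length
  esac
  printf '%s' "$s" | base64 -d
}

# Extract the numeric "exp" claim from the second (payload) segment of a JWT.
# Signature is NOT verified here: the plugin only needs the lifetime, the API server validates the token.
jwt_exp() {
  payload=$(printf '%s' "$1" | cut -d. -f2)
  b64url_decode "$payload" \
    | grep -o '"exp"[[:space:]]*:[[:space:]]*[0-9][0-9]*' \
    | grep -o '[0-9][0-9]*$'
}

# Emit an ExecCredential for kubectl, or return non-zero (no output) when the token is unusable.
exec_credential() {
  token=$1
  exp=$(jwt_exp "$token") || return 1
  [ -n "$exp" ] || return 1
  now=$(date -u +%s)
  [ "$exp" -gt "$now" ] || return 1   # fail closed: never hand kubectl an expired token
  ts=$(date -u -d "@$exp" +%Y-%m-%dT%H:%M:%SZ)   # RFC 3339 UTC, GNU date
  printf '{"apiVersion":"client.authentication.k8s.io/v1","kind":"ExecCredential","status":{"token":"%s","expirationTimestamp":"%s"}}\n' \
    "$token" "$ts"
}

# Constructed sample: an unsigned JWT (alg "none", empty signature) expiring at 2100-01-01T00:00:00Z.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '+/' '-_'; }
SAMPLE_JWT="$(b64url '{"alg":"none","typ":"JWT"}').$(b64url '{"sub":"ci","aud":"example-client-id","exp":4102444800}')."

# Stand-alone run: print the credential for the sample token.
exec_credential "$SAMPLE_JWT"
```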

Reasons
The kubeconfig generated by the CLI, and by the equivalent GitHub Action, embeds a token with a limited lifetime that Kubernetes itself cannot refresh. For CI/CD we should generate a kubeconfig that uses the dedicated Kubernetes mechanism for client authentication (an exec credential plugin):
https://kubernetes.io/docs/reference/config-api/client-authentication.v1/#client-authentication-k8s-io-v1

Attachments
https://kubernetes.io/docs/reference/config-api/client-authentication.v1/#client-authentication-k8s-io-v1-ExecCredentialStatus
