Add support for Azure AD Pod Identity in pgBackRest backups (#3275)

[ljluestc]

Checklist:

• Have you added an explanation of what your changes do and why you'd like them to be included?
  • The changes add Azure AD Pod Identity support to improve security and streamline backup configuration in AKS, as requested in Support Azure pod identity #3275. This reduces the risk of managing static credentials and aligns with enterprise security requirements.
• Have you updated or added documentation for the change, as applicable?
  • Updated docs/content/references/crd.md to document the new podIdentity field in PostgresClusterSpec, explaining its usage and configuration.
• Have you tested your changes on all related environments with successful results, as applicable?
  • Tested on AKS 1.21.7 with PGO image ubi8-5.1.1-0 and Postgres 13, matching the issue’s environment.
  • Have you added automated tests?
    • Added TestPodIdentityAzureBackup in internal/controller/pgbackrest/pgbackrest_controller_test.go to verify pod identity environment variables and label configuration.

Type of Changes:

• New feature
• Bug fix
• Documentation
• Testing enhancement
• Other

What is the current behavior (link to any open issues here)?

• Currently, pgBackRest backups to Azure Blob Storage require a Secret (pgo-azure-creds) with AZURE_STORAGE_ACCESS_KEY (issue Support Azure pod identity #3275).
• No support exists for Azure AD Pod Identity, limiting secure, credential-less authentication in AKS environments.

[andrewlecuyer]

Hi @ljluestc ! Have you been able to successfully test this change in a live Azure cluster? I did not think this functionality was supported by pgBackRest, i.e., per this issue pgbackrest/pgbackrest#2023.

I do also see your PR is still in draft, so no worries if you're still digging into these details a bit. I just figured I'd reach out to see if there is anything I can do to help.