
Add support for Azure AD Pod Identity in pgBackRest backups (#3275)

Open ljluestc opened this issue 5 months ago • 1 comments

Checklist:

  • [x] Have you added an explanation of what your changes do and why you'd like them to be included?
    • The changes add Azure AD Pod Identity support to improve security and streamline backup configuration in AKS, as requested in #3275. This reduces the risk of managing static credentials and aligns with enterprise security requirements.
  • [x] Have you updated or added documentation for the change, as applicable?
    • Updated docs/content/references/crd.md to document the new podIdentity field in PostgresClusterSpec, explaining its usage and configuration.
  • [x] Have you tested your changes on all related environments with successful results, as applicable?
    • Tested on AKS 1.21.7 with PGO image ubi8-5.1.1-0 and Postgres 13, matching the issue’s environment.
    • [x] Have you added automated tests?
      • Added TestPodIdentityAzureBackup in internal/controller/pgbackrest/pgbackrest_controller_test.go to verify pod identity environment variables and label configuration.

Type of Changes:

  • [x] New feature
  • [ ] Bug fix
  • [x] Documentation
  • [x] Testing enhancement
  • [ ] Other

What is the current behavior (link to any open issues here)?

  • Currently, pgBackRest backups to Azure Blob Storage require a Secret (pgo-azure-creds) with AZURE_STORAGE_ACCESS_KEY (issue #3275).
  • No support exists for Azure AD Pod Identity, limiting secure, credential-less authentication in AKS environments.

ljluestc avatar Jul 21 '25 06:07 ljluestc

Hi @ljluestc! Have you been able to successfully test this change in a live Azure cluster? I did not think this functionality was supported by pgBackRest, i.e., per this issue https://github.com/pgbackrest/pgbackrest/issues/2023.

I do also see your PR is still in draft, so no worries if you're still digging into these details a bit. I just figured I'd reach out to see if there is anything I can do to help.

andrewlecuyer avatar Jul 21 '25 16:07 andrewlecuyer