
first draft of new Kubernetes Persistence Technique using Client certificates

Open raesene opened this issue 3 years ago • 0 comments

What does this PR do?

Adds a new Attack technique which creates and approves a Kubernetes Client Certificate with a username of system:kube-controller-manager which is a standard high-privileged user account in Kubernetes.

As Kubernetes does not allow for certificate revocation, this is a good persistence technique for attackers who have gained access to Kubernetes clusters (similar to the Token Request API).

Motivation

There are two motivations for this technique. The first is the standard one of ensuring that cluster auditing is picking this up correctly. The second is testing managed Kubernetes implementations to see if this feature works. For example, in EKS it is not documented clearly whether the general CSR process works.

Checklist

  • [X] The attack technique emulates a single attack step, not a full attack chain
  • [ ] We have factual evidence & references that the attack technique was used by real malware, pentesters, or attackers
  • [X] The attack technique makes no assumption about the state of the environment prior to warming it up

raesene · Aug 11 '22 16:08
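The first motivation above is checking that cluster audit logging catches this technique. The following is an added detection example written for this page; it is not part of stratus-red-team and not the PR author's code. It walks Kubernetes API server audit log lines (the `audit.k8s.io/v1` Event format) and flags creation of a CertificateSigningRequest for the `kubernetes.io/kube-apiserver-client` signer, approval of a CSR, and the case where the same identity both created and approved it. The audit lines are constructed samples; the identity `system:serviceaccount:default:ci-runner` and the CSR name `persist-csr` are invented for the example. Reading the signer name requires the audit policy to log CSR requests at `RequestResponse` level (so `requestObject` is present); when it is absent the code still flags the creation, with the signer marked unknown.

```python
import json

# Signer used for client certificates that authenticate to the API server.
CLIENT_SIGNER = "kubernetes.io/kube-apiserver-client"

# Constructed sample audit log lines (not real cluster output).
AUDIT_LINES = [
    json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1",
        "stage": "ResponseComplete", "verb": "create",
        "user": {"username": "system:serviceaccount:default:ci-runner",
                 "groups": ["system:serviceaccounts"]},
        "objectRef": {"apiGroup": "certificates.k8s.io",
                      "resource": "certificatesigningrequests",
                      "name": "persist-csr"},
        "requestObject": {"spec": {"signerName": CLIENT_SIGNER,
                                   "usages": ["client auth"],
                                   "request": "LS0tLS1CRUdJTi...(elided)"}},
        "responseStatus": {"code": 201},
    }),
    json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1",
        "stage": "ResponseComplete", "verb": "update",
        "user": {"username": "system:serviceaccount:default:ci-runner",
                 "groups": ["system:serviceaccounts"]},
        "objectRef": {"apiGroup": "certificates.k8s.io",
                      "resource": "certificatesigningrequests",
                      "name": "persist-csr", "subresource": "approval"},
        "responseStatus": {"code": 200},
    }),
    json.dumps({  # benign event, must not be flagged
        "kind": "Event", "apiVersion": "audit.k8s.io/v1",
        "stage": "ResponseComplete", "verb": "list",
        "user": {"username": "alice", "groups": ["developers"]},
        "objectRef": {"resource": "pods", "namespace": "default"},
        "responseStatus": {"code": 200},
    }),
    "not json at all",  # malformed line, skipped
]


def parse_audit(lines):
    """Yield completed audit Events, skipping malformed or partial lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        # Only the ResponseComplete stage carries the final status code.
        if ev.get("kind") != "Event" or ev.get("stage") != "ResponseComplete":
            continue
        events.append(ev)
    return events


def is_csr_event(ev):
    ref = ev.get("objectRef") or {}
    return (ref.get("apiGroup") == "certificates.k8s.io"
            and ref.get("resource") == "certificatesigningrequests")


def csr_findings(lines):
    """Return (finding, csr_name, username) tuples for CSR activity.

    Findings: client_csr_created, csr_created_unknown_signer,
    csr_approved, csr_self_approved.
    """
    creators = {}  # CSR name -> username that created it
    findings = []
    for ev in parse_audit(lines):
        if not is_csr_event(ev):
            continue
        ref = ev["objectRef"]
        name = ref.get("name", "?")
        user = (ev.get("user") or {}).get("username", "?")
        verb = ev.get("verb")
        if verb == "create" and ref.get("subresource") is None:
            spec = (ev.get("requestObject") or {}).get("spec")
            if spec is None:
                # Audit policy logged Metadata/Request level only.
                findings.append(("csr_created_unknown_signer", name, user))
            elif spec.get("signerName") == CLIENT_SIGNER:
                findings.append(("client_csr_created", name, user))
            creators[name] = user
        elif verb == "update" and ref.get("subresource") == "approval":
            findings.append(("csr_approved", name, user))
            # The same identity creating and approving its own client
            # certificate is the pattern this technique produces.
            if creators.get(name) == user:
                findings.append(("csr_self_approved", name, user))
    return findings


if __name__ == "__main__":
    for finding in csr_findings(AUDIT_LINES):
        print(finding)
```

In a real pipeline the lines would come from the API server's audit log file or webhook backend rather than the constructed list above; the approval finding is the one to alert on regardless of who created the CSR, since approval by anything other than the expected controller or administrator identities is what turns a request into a long-lived credential.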