Enable using Pod Certificates feature from Kubernetes 1.35
Description:
The new alpha feature of running Pod Certificates is targeted to become beta in 1.35. This provides a built-in mechanism for workload identity, allowing the kubelet to request and mount certificates for a Pod via a projected volume.
We should investigate its use in Gateway Namespace Mode and possibly in other areas of the Envoy Gateway Kubernetes provider.
[optional Relevant Links:]
- https://github.com/kubernetes/enhancements/issues/4317
- https://kubernetes.io/blog/2025/11/26/kubernetes-v1-35-sneak-peek/#pod-certificates