Resurrect Workload Identity Work

[ledbutter]

Why the changes in this PR are needed?

To allow for Azure kubernetes deployments to utilize workload identity, their newer approach to federating with identity providers.

What are the changes in this PR?

Adding new client credential attributes to support workload identity.

Notes to assist PR review:

Based on discussion in #6012

Further comments:

This is resurrecting the work started in #6014 and closed without explanation. Given the specialized support for AWS KMS, I could foresee the original approach here should be changed to more closely follow that approach.