Create a second kind of tiered deployment that has the upstream agent co-deployed in the spire-server Pod

[edwbuck]

Currently the only solution for tiering requires the spire-agent to be codeployed with the server, but within a different Pod, which then uses the spire CSI driver to expose the agent to the server instance.

We should have a second, much simpler deployment available too, where the upstream agent is simply co-deployed within the server Pod as a side-car. This would avoid the need for a spire CSI driver between the two, as they would both share a filesystem and could read the UNIX domain socket without any extra intermediates.