spire-controller-manager
Export jwt and trust bundle to secret/configmaps
I'm trying to integrate authN and authZ with spire-controller-manager. It would be a performance issue to make API requests to local node daemons. I'm looking for two things.
- How can I mount the trust bundle that spire-server is using to verify JWTs in-process in my application? I only see the public certificate, not the JWKS.
- It would be preferable to load JWTs by a secret. I don't see that any of the CRs create this opportunity. My applications use older versions of gRPC and speaking to a gRPC server is unlikely to be a simple task. Is there an HTTP endpoint available, or do I need to write a sidecar that talks gRPC to spire-agent and writes out the JWT to a secret, which the application watches and loads?