Feature Request: Use Kubernetes secrets as a SPIRE Server KeyManager
Currently we are running spire-server with 2 replicas connected to an external Postgres instance (HA configuration). In this mode spire-server still requires a PVC attached to each replica for storing keys. If a node that is hosting the "leader" spire-server goes down, Kubernetes does not automatically bring up the replica because of the volume attached on that node. A manual intervention is required to move the replica (by issuing kubectl delete pod with the force and grace-period options).
To avoid this, can we leverage Kubernetes Secrets (assuming they will be protected with RBAC etc.) as a KeyManager?
If conceptually this makes sense, we can put a PR out for the same.
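The proposal relies on the Secret being locked down with RBAC. As an added illustration, not part of the issue or of the SPIRE project, this is the least-privilege Role and RoleBinding that lets only the spire-server ServiceAccount read and update one named Secret; the namespace `spire`, the ServiceAccount `spire-server` and the Secret name `spire-server-keys` are assumed.

```yaml
# Assumed names throughout: namespace "spire", ServiceAccount "spire-server",
# Secret "spire-server-keys". Not part of the original issue.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: spire-server-keys
  namespace: spire
rules:
  # Scoped to a single named Secret. "list" and "watch" are deliberately
  # omitted: list returns the contents of every Secret in the namespace and
  # cannot be narrowed by resourceNames.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["spire-server-keys"]
    verbs: ["get", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: spire-server-keys
  namespace: spire
subjects:
  - kind: ServiceAccount
    name: spire-server
    namespace: spire
roleRef:
  kind: Role
  name: spire-server-keys
  apiGroup: rbac.authorization.k8s.io
```

Pre-create the (initially empty) Secret so the server never needs `create`, a verb that resourceNames cannot restrict, and confirm the binding with `kubectl auth can-i get secrets/spire-server-keys -n spire --as=system:serviceaccount:spire:spire-server`. Keep in mind that Secrets are only base64-encoded in etcd unless encryption at rest is configured, so private keys stored this way are only as protected as the etcd and API-server access controls around them.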