
Reload bearer token from disk to work with kubernetes bound-service-account-tokens #11176

Closed
wants to merge 1 commit into from

Conversation

@grosser grosser commented Jan 20, 2022

What does this PR do?

fixes DataDog/datadog-agent#10604
... still need to confirm this works
... also needs to be an opt-in flag since this check could be used for anything

Motivation

the token on disk is expired every 1h by kubernetes so we need to reload it

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • PR title must be written as a CHANGELOG entry (see why)
  • File changes must correspond to the primary purpose of the PR as described in the title (small unrelated changes should have their own PR)
  • PR must have changelog/ and integration/ labels attached

@djmitche djmitche (Contributor) left a comment

I'm not sure why agent-core owns datadog_checks_base/datadog_checks/base/checks/openmetrics/mixins.py but that seems to now use different config options and have some other refactoring unrelated to this PR?

@grosser grosser (Author) commented Feb 11, 2022

the change is to always execute bearer_token = scraper_config['_bearer_token']
the rest of the code is just moved/indented, https://github.com/DataDog/integrations-core/pull/11176/files?w=1 shows it better
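As an added illustration of the reload behaviour this PR is after (example code, not the PR's diff or the project's own API): a token source that re-reads the projected file whenever it changes, plus a single reload-and-retry when the API server answers 401. The default path, the stamp-based change detection and the do_request callback are assumptions.

```python
import os

# Default path of the projected service-account token inside a pod (the path
# mounted in the comment further down); assumed default, not from the PR's diff.
DEFAULT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


class BearerTokenFile:
    """Bearer token that is re-read from disk instead of cached once at init.

    Assumption: the kubelet refreshes a projected token by swapping the file
    atomically, so a changed (mtime, size, inode) stamp signals a new token.
    """

    def __init__(self, path=DEFAULT_TOKEN_PATH):
        self.path = path
        self._token = None
        self._stamp = None

    def _stamp_now(self):
        st = os.stat(self.path)
        return (st.st_mtime_ns, st.st_size, st.st_ino)

    def get(self, force=False):
        """Return the current token, re-reading the file if it changed or if forced."""
        stamp = self._stamp_now()
        if force or self._token is None or stamp != self._stamp:
            with open(self.path, encoding="utf-8") as f:
                self._token = f.read().strip()
            self._stamp = stamp
        return self._token


def scrape_with_reload(token_file, do_request):
    """Call do_request(headers) -> status; on 401 reload the token and retry once.

    do_request is a hypothetical stand-in for the HTTP call to the API server.
    A single retry keeps a genuinely revoked token visible as a 401 instead of
    looping forever on a bad credential.
    """
    headers = {"Authorization": "Bearer " + token_file.get()}
    status = do_request(headers)
    if status == 401:
        headers = {"Authorization": "Bearer " + token_file.get(force=True)}
        status = do_request(headers)
    return status
```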

@grosser grosser (Author) commented Feb 11, 2022

added 3 more places that needed to be patched

@djmitche djmitche (Contributor) left a comment

got it, thanks -- mixins.py looks good

@grosser grosser (Author) commented Feb 18, 2022

was still missing:

file":"pkg/autodiscovery/config_poller.go","line":"128","func":"collect","msg":"Unable to collect configurations from provider kubernetes: couldn't fetch \"podlist\": unexpected status code 401

so resorting to manually doing what the token controller does + longer expiration:

      automountServiceAccountToken: false

and volumeMounts

          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
            name: kube-api-access-stable
            readOnly: true

and volumes

        - name: kube-api-access-stable
          projected:
            defaultMode: 420
            sources:
            - serviceAccountToken:
                expirationSeconds: < whatever you deem safe >
                path: token
            - configMap:
                items:
                - key: ca.crt
                  path: ca.crt
                name: kube-root-ca.crt
            - downwardAPI:
                items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace

@grosser grosser closed this Feb 18, 2022
@grosser grosser deleted the grosser/token branch February 18, 2022 20:07
Successfully merging this pull request may close these issues.

Kubernetes api server metrics: reload bearer token to avoid failing on stale token