The GitOps operator currently enables dex by default, and dex uses a service account as its OAuth client and the service account secret as the OAuth token. Since k8s v1.24, the service account associated with the dex pods no longer has a secret auto-mounted; however, the token is still populated by k8s. As a result, the GitOps operator needs to create the secret and mount it in the dex service account.
But this is not the way Kubernetes recommends.
Kubernetes says to use the TokenRequest API to get the token for a service account; that token has a time-based expiry and should be refreshed as and when it is used.
Acceptance Criteria
1) Come up with a way for dex to use the service account as its OAuth client while requesting the token itself, so that we don't need to fetch the token from the secret and pass it to dex; dex should manage this on its own. Dex has probably implemented the TokenRequest API; we need to read the dex documentation and see what configuration change the GitOps operator needs to make.
OR
2) Get rid of the use of a service account as the OAuth client for dex and look for alternative configurations.
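
To make the difference between the two token types concrete, the following added example (not code from the GitOps operator or dex) decodes a service account token's claims and reports whether it is a legacy Secret-based token with no expiry or a time-bound token that is due for refresh. The tokens are constructed and unsigned, the namespace, account and secret names are hypothetical, and the 80% refresh threshold is an assumption of this example.

```python
import base64
import json

REFRESH_FRACTION = 0.8  # assumption for this example; mirrors kubelet rotation at 80% of TTL


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, _b64url(json.dumps(claims).encode()), _b64url(b"not-a-signature")])


def decode_claims(token: str) -> dict:
    """Read the JWT payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify(token: str, now: float) -> str:
    """Return legacy-no-expiry, expired, refresh-due or valid for a token."""
    claims = decode_claims(token)
    exp, iat = claims.get("exp"), claims.get("iat")
    if exp is None:
        return "legacy-no-expiry"  # Secret-based token: valid until the Secret is deleted
    if now >= exp:
        return "expired"
    if iat is not None and now >= iat + REFRESH_FRACTION * (exp - iat):
        return "refresh-due"  # request a new token before the old one lapses
    return "valid"


NOW = 1_700_000_000  # constructed timestamp
# Constructed claims; namespace, account and secret names are hypothetical.
LEGACY = make_sample_token({
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "example-ns",
    "kubernetes.io/serviceaccount/secret.name": "example-dex-token",
    "sub": "system:serviceaccount:example-ns:example-dex",
})
BOUND = make_sample_token({
    "iss": "https://kubernetes.default.svc", "iat": NOW - 600, "exp": NOW + 3000,
    "sub": "system:serviceaccount:example-ns:example-dex",
})

if __name__ == "__main__":
    for name, tok in (("legacy", LEGACY), ("bound", BOUND)):
        print(name, classify(tok, NOW))
```

Whichever component ends up holding the token under option 1 has to act on the `refresh-due` state, because a token obtained through TokenRequest stops working at `exp` rather than living as long as the Secret.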