Currently, cloud-init is used to process the podvm configuration data made available via cloud config (config-drive).
Cloud Config is an avenue for executing arbitrary untrusted code at startup and is not recommended in the CoCo model.
In upstream, for Azure, we have already switched to using the metadata service to fetch the config info with a custom program, process-user-data.
This feature is to enable the upstream feature in the downstream Red Hat builds. This means adding new binaries to the osc-podvm-payload container image.
Ref upstream issue: https://github.com/confidential-containers/cloud-api-adaptor/issues/1467