1. Proposed title of this feature request

Token Minting API for Control Plane log forwarding. 

2. What is the nature and description of the request?

ROSA Customers want Control Plane logs forwarded to CloudWatch in their AWS Accounts.

The component implementing log forwarding (Cluster Logging Operator) requires a Secret with the token from a given Service Account from the Hosted Cluster.

Cluster Logging Operator doesn't support the injection of a sidecar container for token minting.

This request is for making the token minting proccess a first class API in the Hosted Cluster that can be configured, untimatelly generating a Secret with the token to be consumed by Cluster Logging Operator.

3. Why does the customer need this? (List the business requirements here)

To fulfill their audit and security requirements.

4. List any affected packages or components.

control-plane-operator

References:

• https://docs.google.com/document/d/1TicDkoYqb3b2CFqt_bJ8tThwF7ib9LLdXjscwF5DMt0/edit?tab=t.0#heading=h.9fxctrdi6gan
• https://drive.google.com/file/d/1YtFK_jOkXorkBSzAy0wXsxHe00VhYlzs/view 
• https://issues.redhat.com/browse/XCMSTRAT-1080