Ambient have no sidecar, thus to fetch SPIFFE identity we need to implement the SPIFFE Delegated Identity API. The Delegated Identity API works over Spire-Agent Admin socket. 

We need to expose spire-agent admin socket and make it available to ztunnel pods.