Is your feature request related to a problem? Please describe.
When a sidecar container is injected into a pod, the sidecar container authenticates to Vault and can then render secrets and provide them to the main container.
If the container wishes to interact with Vault through the local agent, it needs the agent token or any other token.
Today it is possible to configure the sidecar container to act as a proxy (via api_proxy), but this will be deprecated in v1.17, see:

Describe the solution you'd like
Add an option to inject a Vault Proxy instead of a Vault Agent -
vault-k8s/agent-inject/agent/container_init_sidecar.go
Line 61 in 103089a
An annotation like vault.hashicorp.com/sidecar-type: <agent / proxy> would be great.

Describe alternatives you've considered
It is also possible to deploy the proxy outside of the pod, but doing that will use the same token for all of the client requests. In my opinion this is a big security risk.

Additional context
To achieve an api_proxy today, the vault.hashicorp.com/configmap annotation is required, and all of the configurations should be moved into the configmap. Only then can I add the below block to get the proxy started:

api_proxy {
  use_auto_auth_token = true
}
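To make the configmap route concrete, here is an added example (constructed for this page, not the issue author's or the vault-k8s project's own manifests) of a ConfigMap carrying the full agent configuration with that api_proxy block, plus the pod annotations that select it. The listener is bound to loopback because use_auto_auth_token lets any caller of the proxy act with the agent's token, which is the same shared-token exposure the issue warns about for an out-of-pod proxy. Vault address, role, service account, image and ConfigMap names are placeholders; the annotation is written out as vault.hashicorp.com/agent-configmap, the full name the issue shortens to configmap.

```yaml
# Constructed example (placeholders throughout): the injector stops generating
# its own agent config once agent-configmap is set, so the ConfigMap must carry
# the whole configuration, including the api_proxy block from the issue.
apiVersion: v1
kind: ConfigMap
metadata:
  name: myapp-vault-agent-config
data:
  config.hcl: |
    vault {
      address = "https://vault.example.internal:8200"
    }
    auto_auth {
      method "kubernetes" {
        mount_path = "auth/kubernetes"
        config = { role = "myapp" }
      }
      sink "file" {
        config = { path = "/home/vault/.vault-token" }
      }
    }
    # Loopback only: with use_auto_auth_token = true, every client that can
    # reach this listener acts with the agent's own token, so the listener
    # must not be reachable from outside the pod.
    listener "tcp" {
      address     = "127.0.0.1:8200"
      tls_disable = true
    }
    api_proxy {
      use_auto_auth_token = true
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: myapp
  annotations:
    vault.hashicorp.com/agent-inject: "true"
    vault.hashicorp.com/agent-configmap: "myapp-vault-agent-config"
spec:
  serviceAccountName: myapp
  containers:
    - name: app
      image: myapp:latest
      env:
        - name: VAULT_ADDR           # app talks to the sidecar proxy, not to Vault
          value: "http://127.0.0.1:8200"
```

Requests the app sends without a token are forwarded with the agent's auto-auth token; setting use_auto_auth_token = "force" would override even tokens the app supplies, so leave it at true if the app needs to present its own identity for some calls.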