Configure workspace service account to use image pull secrets

Issue: Backend: Update the deployment to use the image... (#477784 - closed)

What does this MR do and why?

This MR:

  • Configures a service account to use the image pull secrets associated with the workspace's agent config
  • Updates the workspace deployment spec to use the configured service account
  • Attempts to make previously added tests more rigorous

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

How to set up and validate locally

docker login registry.gitlab.com

docker pull registry.gitlab.com/gitlab-org/remote-development/gitlab-remote-development-docs/ubuntu:22.04
docker tag registry.gitlab.com/gitlab-org/remote-development/gitlab-remote-development-docs/ubuntu:22.04 registry.gitlab.com/saahmed/private-devfile-reg:latest
docker push registry.gitlab.com/saahmed/private-devfile-reg:latest
  • Create a PAT on .com with read_api permissions and use this PAT to create a Kubernetes secret containing the image pull secrets to be used by each workspace, e.g.:
kubectl create namespace test-secret-namespace

kubectl create secret docker-registry test-secret-name  \
  --docker-server=registry.gitlab.com \
  --docker-username=saahmed \
  --docker-password=glpat-donotaskformysecret \
  --docker-email=safhmed@gitlab.com \
  --namespace=test-secret-namespace
  • Add to your workspace agent_config file the following lines:
      - '192.168.0.0/16'
  ## .....
  image_pull_secrets: # ADD THIS
     - name: test-secret-name
       namespace: test-secret-namespace
  • Update the project devfile to use the private image.
....
schemaVersion: 2.2.0
components:
  - name: tooling-container
    attributes:
      gl/inject-editor: true
    container:
      image: "registry.gitlab.com/saahmed/private-devfile-reg:latest"
  • Create a workspace using that project. Observation: The workspace is successfully created and is accessible.
  • Restart the created workspace. Observation: The workspace successfully restarts and is accessible.
  • Stop and start the created workspace. Observation: The workspace successfully stops, gets restarted, and is accessible.
  • Check if service account has been created and has the image pull secret name in the namespace of the workspace.
  • Check the workspace pod has the service account name.
Edited by Vishal Tak
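
The last two validation steps above (service account carries the pull secret, workspace pod uses that service account), written as an added example that is not part of the original MR or the project's code. It runs over constructed JSON shaped like `kubectl get ... -o json` output; the namespace `ws-ns`, the account `ws-sa` and the pod name `ws-pod` are hypothetical, and only `test-secret-name` and the image come from the steps above.

```python
import json

# Constructed samples shaped like `kubectl get serviceaccount|pod -o json`.
# Namespace "ws-ns" and account "ws-sa" are hypothetical; "test-secret-name"
# is the secret name used in the steps above.
SERVICE_ACCOUNT = json.loads("""
{"kind": "ServiceAccount",
 "metadata": {"name": "ws-sa", "namespace": "ws-ns"},
 "imagePullSecrets": [{"name": "test-secret-name"}]}
""")
POD = json.loads("""
{"kind": "Pod",
 "metadata": {"name": "ws-pod", "namespace": "ws-ns"},
 "spec": {"serviceAccountName": "ws-sa",
          "imagePullSecrets": [{"name": "test-secret-name"}],
          "containers": [{"name": "tooling-container",
                          "image": "registry.gitlab.com/saahmed/private-devfile-reg:latest"}]}}
""")


def names(refs):
    """Return the set of names from a list of {"name": ...} references."""
    return {r["name"] for r in refs or [] if "name" in r}


def check_workspace(sa, pod, expected):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    sa_meta, pod_meta, spec = sa["metadata"], pod["metadata"], pod.get("spec", {})
    if sa_meta.get("namespace") != pod_meta.get("namespace"):
        findings.append("service account and pod are in different namespaces")
    missing = set(expected) - names(sa.get("imagePullSecrets"))
    if missing:
        findings.append(f"service account lacks pull secrets: {sorted(missing)}")
    # A pod with no serviceAccountName runs as "default", not the configured account.
    pod_sa = spec.get("serviceAccountName", "default")
    if pod_sa != sa_meta["name"]:
        findings.append(f"pod uses service account {pod_sa!r}, not {sa_meta['name']!r}")
    # Kubernetes copies the account's secrets into the pod only when the pod
    # spec declares none of its own, so an explicit list must already be complete.
    pod_refs = spec.get("imagePullSecrets")
    if pod_refs and set(expected) - names(pod_refs):
        findings.append("pod declares its own imagePullSecrets without the expected ones")
    return findings


if __name__ == "__main__":
    for finding in check_workspace(SERVICE_ACCOUNT, POD, ["test-secret-name"]) or ["ok"]:
        print(finding)
```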
