WithSecureLabs/IceKube

Create service account long-lived token

Skybound1 opened this issue · 0 comments

Attack path for creating a secret in a namespace that gets populated with a service account long-lived token (CREATE_SA_TOKEN_VIA_SECRET)

Required permissions: create secret in namespace and reading that secret again after it's been populated by the API server

Currently, IceKube is unable to know what permissions an entity will have on a newly created resource. So this is blocked until that can be added.
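An added example, not part of the issue or of IceKube's code: a defender-side audit that flags RBAC roles granting both permissions named above (create on secrets plus reading secrets back). It assumes role objects shaped like the items of `kubectl get roles -o json`; the function names and the sample roles are hypothetical and constructed for illustration.

```python
# Added example: per-role audit for "create secret" + "read secret" in RBAC rules.
READ_VERBS = {"get", "list", "watch"}

def _matches(values, wanted):
    return "*" in values or wanted in values

def _covers_secrets(rule):
    # Secrets live in the core API group, written "" in RBAC rules.
    return _matches(rule.get("apiGroups", []), "") and _matches(rule.get("resources", []), "secrets")

def secret_access(role):
    """Return (can_create, can_read_any, readable_names) for one Role/ClusterRole."""
    create = read_any = False
    read_names = set()
    for rule in role.get("rules", []):
        if not _covers_secrets(rule):
            continue
        verbs = set(rule.get("verbs", []))
        names = set(rule.get("resourceNames") or [])
        # A rule with resourceNames never matches create (no object name at authorization time).
        if not names and _matches(verbs, "create"):
            create = True
        if "*" in verbs or verbs & READ_VERBS:
            if names:
                read_names |= names
            else:
                read_any = True
    return create, read_any, read_names

def flag_roles(roles):
    """List (role name, read scope) for roles holding both permissions."""
    findings = []
    for role in roles:
        create, read_any, read_names = secret_access(role)
        if create and (read_any or read_names):
            scope = "any secret" if read_any else "named: " + ", ".join(sorted(read_names))
            findings.append((role["metadata"]["name"], scope))
    return findings

def _role(name, *rules):
    return {"metadata": {"name": name}, "rules": list(rules)}

# Constructed sample roles (hypothetical names), not taken from a real cluster.
SAMPLE_ROLES = [
    _role("ci-deployer", {"apiGroups": [""], "resources": ["secrets"], "verbs": ["create", "get"]}),
    _role("secret-writer", {"apiGroups": [""], "resources": ["secrets"], "verbs": ["create"]}),
    _role("wildcard-admin", {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}),
    _role("pinned-reader", {"apiGroups": [""], "resources": ["secrets"], "verbs": ["create"]},
          {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"], "resourceNames": ["app-config"]}),
    _role("apps-only", {"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}),
]
```

Roles are evaluated one at a time here; a subject bound to several roles can hold the pair across them, so aggregate rules per subject and namespace before treating a clean result as final.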