feat: hot load secret #576

Draft: tchinmai7 wants to merge 1 commit into main from fetch-token-on-demand

@tchinmai7

Contributor

General:

  • Have you removed all sensitive information, including but not limited to access keys and passwords?
  • Have you checked to ensure there aren't other open or closed Pull Requests for the same bug/feature/question?

Pull Request Guidelines:

  1. Does your submission pass tests?
  2. Have you added tests?
  3. Are you addressing a single feature in this PR?
  4. Are your commits atomic, addressing one change per commit?
  5. Are you following the conventions of the language?
  6. Have you saved your large formatting changes for a different PR, so we can focus on your work?
  7. Have you explained your rationale for why this feature is needed?
  8. Have you linked your PR to an open issue?

@codecov

codecov Bot commented Jun 14, 2026

Codecov Report

❌ Patch coverage is 46.46465% with 53 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.41%. Comparing base (67d4687) to head (89aca44).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| cloud/linode/cloud.go | 52.50% | 25 Missing and 13 partials ⚠️ |
| cloud/linode/client/client.go | 21.05% | 12 Missing and 3 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #576      +/-   ##
==========================================
- Coverage   73.63%   72.41%   -1.22%     
==========================================
  Files          19       19              
  Lines        2958     3052      +94     
==========================================
+ Hits         2178     2210      +32     
- Misses        525      566      +41     
- Partials      255      276      +21     

Copilot AI left a comment

Contributor

Pull request overview

This PR updates the Linode Cloud Controller Manager to source the Linode API token from a Kubernetes Secret at runtime (with caching), enabling token rotation without restarting the CCM. It also updates deployment manifests/Helm chart to configure the Secret reference via new CLI flags instead of injecting LINODE_API_TOKEN as an environment variable.

Changes:

  • Add CLI flags and options for token Secret name/key/namespace, and switch token loading to a Kubernetes Secret provider with caching.
  • Update the Linode API client to support a dynamic token provider (per-request Authorization header).
  • Update Helm chart and static manifest to pass the new flags and remove LINODE_API_TOKEN env var usage; add/adjust unit tests for the new behavior.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| main.go | Adds CLI flags for token Secret name/key/namespace configuration. |
| cloud/linode/options/options.go | Extends options struct with token Secret reference fields. |
| cloud/linode/cloud.go | Implements Secret-backed token provider with caching and wires it into Linode client creation. |
| cloud/linode/client/client.go | Adds a token-injecting transport and TokenProvider support to refresh tokens without restarting. |
| cloud/linode/cloud_test.go | Adds tests for token caching/TTL parsing and updates existing newCloud tests to use fake Secret. |
| deploy/chart/values.yaml | Documents optional Secret namespace in Helm values. |
| deploy/chart/templates/daemonset.yaml | Passes new token Secret flags and removes LINODE_API_TOKEN env var injection. |
| deploy/ccm-linode-template.yaml | Updates static manifest to pass new token Secret flags and removes LINODE_API_TOKEN env var injection. |

Comment thread cloud/linode/cloud.go
Comment on lines +203 to 206
apiToken, err := tokenProvider.GetToken(context.Background())
if err != nil {
return nil, err
}
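
Review bot: tokenProvider.GetToken(context.Background()) runs with a context that has no deadline and cannot be cancelled, so a slow or unreachable Secret read at this call blocks the caller indefinitely. Pass the caller's context if one is available here, or derive one with context.WithTimeout, and wrap the returned error (fmt.Errorf with %w) so the failure is identifiable as a token-load error instead of being returned bare.
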
Comment thread cloud/linode/cloud.go
Comment on lines +105 to +108
token := string(rawToken)
if token == "" {
return "", fmt.Errorf("secret %s key %q is empty", t.String(), t.key)
}
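
Review bot: the token == "" check rejects only a zero-length value, so a Secret value that is all whitespace, or that carries a trailing newline, passes and is used as the token as-is. Trim first, for example strings.TrimSpace(string(rawToken)), and then apply the empty check. The error text names only the secret and the key, which is the right level of detail; keep the token value itself out of any message added here.
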