fix: refresh EKS authentication token per request

[hwayoungjun]

Fixes #4731

Description

EKSAuthentication currently generates an EKS bearer token when provide() is called and stores it on the ApiClient as a static API key.

However, EKS authentication tokens are short-lived. Once the generated token expires, subsequent requests continue to use the same expired token and fail with an authentication error.

This change updates EKSAuthentication to install an OkHttp interceptor instead. The interceptor adds the bearer token to each request, reuses the token before expiry, and generates a new token after expiry.

Changes

• Add an OkHttp interceptor to EKSAuthentication
• Cache the generated EKS token until its configured expiry
• Refresh the token after expiry and use the refreshed token on subsequent requests
• Keep the maximum token expiry capped at 900 seconds
• Add tests for token injection, reuse before expiry, refresh after expiry, and expiry capping

Testing

• ./mvnw -pl util -am -Dtest=EKSAuthenticationTest -Dsurefire.failIfNoSpecifiedTests=false test
• ./mvnw -pl util spotless:check
• git diff --check

I also ran a manual smoke test against an EKS cluster with a 60 second token expiry:

• request at +0s succeeded
• request at +35s succeeded
• request at +70s succeeded

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hwayoungjun
Once this PR has been reviewed and has the lgtm label, please assign yue9944882 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: hwayoungjun / name: hwayoungjun (e03ee9f)

[k8s-ci-robot]

Welcome @hwayoungjun!

It looks like this is your first PR to kubernetes-client/java 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-client/java has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃