
Conversation

@dan-osterrath
Contributor

This PR adds support to the Airflow Helm chart for disabling the service account token automounting into the Airflow Scheduler pods. This might be restricted by cluster policies for security reasons and best practices. When automounting is disabled and the executor is a Pod launching executor (CeleryExecutor, CeleryKubernetesExecutor, KubernetesExecutor or LocalKubernetesExecutor), the service account token is mounted manually into the Scheduler's container. You can configure some token parameters like volume name, mount path, token audience and TTL. By default the service account token is still mounted automatically to keep backward compatibility. There are sensible defaults for the token parameters to keep backward compatibility.

closes: #59099
related: #30722 #43464
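As an added example (not code from this PR or from the chart), a small Python audit over constructed Scheduler-style Pod manifests that checks for the shape the description aims at: automounting switched off, a projected token with an explicit audience and a bounded TTL, mounted read-only. The volume name, audience, TTL and the 7200s policy bound are illustrative assumptions, not chart defaults.

```python
from typing import List

TOKEN_VOLUME = "sa-token"  # constructed volume name, not a chart default

# Constructed Scheduler-style Pod in the hardened shape: automount off, token via projected volume.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "airflow-scheduler"},
    "spec": {
        "serviceAccountName": "airflow-scheduler",
        "automountServiceAccountToken": False,
        "volumes": [{"name": TOKEN_VOLUME, "projected": {"sources": [
            {"serviceAccountToken": {"path": "token", "expirationSeconds": 3600,
                                     "audience": "https://kubernetes.default.svc"}}]}}],
        "containers": [{"name": "scheduler", "image": "apache/airflow", "volumeMounts": [
            {"name": TOKEN_VOLUME, "readOnly": True,
             "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"}]}],
    },
}

# Same Pod relying on default automounting (the backward-compatible behaviour).
LEGACY_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "airflow-scheduler"},
    "spec": {"serviceAccountName": "airflow-scheduler",
             "containers": [{"name": "scheduler", "image": "apache/airflow"}]},
}


def audit_sa_token(pod: dict, max_ttl: int = 7200) -> List[str]:
    """Return policy findings for one Pod; an empty list means it complies.
    max_ttl is an assumed policy bound, not a Kubernetes or chart default."""
    spec = pod["spec"]
    findings: List[str] = []
    if spec.get("automountServiceAccountToken", True):  # unset means true in Kubernetes
        findings.append("automountServiceAccountToken is not false")
    volumes = spec.get("volumes", [])
    tokens = [s["serviceAccountToken"] for v in volumes
              for s in v.get("projected", {}).get("sources", [])
              if "serviceAccountToken" in s]
    for tok in tokens:
        if not tok.get("audience"):
            findings.append("projected token has no explicit audience")
        ttl = tok.get("expirationSeconds")
        if ttl is None or ttl > max_ttl:
            findings.append(f"projected token TTL {ttl} exceeds {max_ttl}s")
    token_vols = {v["name"] for v in volumes if "projected" in v}
    for c in spec["containers"]:  # a read-write token mount lets a compromised process alter it
        for m in c.get("volumeMounts", []):
            if m["name"] in token_vols and not m.get("readOnly"):
                findings.append(f"{c['name']} mounts {m['name']} read-write")
    return findings
```

Pod-level `automountServiceAccountToken: false` also wins over the ServiceAccount's own setting, which is why the check looks at the Pod spec rather than the ServiceAccount object.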

@boring-cyborg

boring-cyborg bot commented Dec 7, 2025

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide. Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: dev@airflow.apache.org
    Slack: https://s.apache.org/airflow-slack

@dano-nx dano-nx force-pushed the bugfix/59099-disable-sa-automount-for-scheduler branch from 0d419b6 to 1c63149 Compare December 7, 2025 23:15
@dan-osterrath dan-osterrath marked this pull request as ready for review December 8, 2025 08:36
Contributor

@jscheffl jscheffl left a comment


Thanks for the PR and the extensive documentation added. Not many PRs make such a good and proper documentation alongside the functional contribution!

Two pieces are too verbose, can you adjust these? Then in my view it is okay to be merged.

…n page and created newsfragment 59156.significant.rst to properly document these changes in the changelog as suggested. (apache#59099)
…edicated service-account-token-examples.rst document for comprehensive configuration examples and use cases. (apache#59099)
@jscheffl jscheffl force-pushed the bugfix/59099-disable-sa-automount-for-scheduler branch from 4ed219a to d5f5e41 Compare December 9, 2025 22:02
Contributor

@jscheffl jscheffl left a comment


Looks good for me now! Let's make CI green and then LGTM!

@jscheffl
Contributor

jscheffl commented Dec 9, 2025

Oops, some nit in RST formatting - can you fix?

@jscheffl jscheffl added this to the Airflow Helm Chart 1.19.0 milestone Dec 10, 2025
@dan-osterrath
Contributor Author

Looks good for me now! Let's make CI green and then LGTM!

Is there any way to make these flaky tests green? Can I retrigger them on my own somehow?

downloading uv 0.9.16 x86_64-unknown-linux-gnu
curl: (22) The requested URL returned error: 504
failed to download https://github.com/astral-sh/uv/releases/download/0.9.16/uv-x86_64-unknown-linux-gnu.tar.gz
this may be a standard network error, but it may also indicate
that uv's release process is not working. When in doubt
please feel free to open an issue!

@potiuk
Member

potiuk commented Dec 13, 2025

Is there any way to make these flaky tests green? Can I retrigger them on my own somehow?

Yes. Rebase your PR or close/reopen it - the problem was with GitHub having hiccups - so those were not flaky tests - those were tests that did not run because GitHub infrastructure had problems.

@jscheffl jscheffl merged commit 900e692 into apache:main Dec 14, 2025
237 of 239 checks passed
@boring-cyborg

boring-cyborg bot commented Dec 14, 2025

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

@dan-osterrath dan-osterrath deleted the bugfix/59099-disable-sa-automount-for-scheduler branch December 15, 2025 07:14
TempestShaw pushed a commit to TempestShaw/airflow that referenced this pull request Dec 24, 2025
)

* Add support for manual mounting of Service Account tokens in Scheduler when using Pod launching executors (apache#59099)

* fix bug in helper function for determining if executor is Pod launching (apache#59099)

* Remove emojis in production guide (apache#59099)

* Auto formatting by prek and some manual cleanup (apache#59099)

* Removed the detailed security enhancements from the main documentation page and created newsfragment 59156.significant.rst to properly document these changes in the changelog as suggested.  (apache#59099)

* Reduced redundancy by removing detailed examples and linking to the dedicated service-account-token-examples.rst document for comprehensive configuration examples and use cases. (apache#59099)

* Add support for manual mounting of Service Account tokens in Scheduler when using Pod launching executors (apache#59099)

* fix bug in helper function for determining if executor is Pod launching (apache#59099)

* Remove emojis in production guide (apache#59099)

* Auto formatting by prek and some manual cleanup (apache#59099)

* Removed the detailed security enhancements from the main documentation page and created newsfragment 59156.significant.rst to properly document these changes in the changelog as suggested.  (apache#59099)

* Reduced redundancy by removing detailed examples and linking to the dedicated service-account-token-examples.rst document for comprehensive configuration examples and use cases. (apache#59099)

* Fix title underlines in SA token examples RST file. (apache#59099)

* Fix spell checks and removed wrong Helm values schema spec for Worker. (apache#59099)

* Minor fix in descriptions. (apache#59099)

---------

Co-authored-by: Dan Osterrath <9108541+dan-osterrath@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Disable automountServiceAccountToken for Kubernetes executor