Add support for Vault as UpstreamAuthority

[LaithLite]

See https://github.com/spiffe/spire/blob/v1.7.0/doc/plugin_server_upstreamauthority_vault.md

Adding the logic similar to:

• https://github.com/spiffe/helm-charts/blob/main/charts/spire/charts/spire-server/templates/configmap.yaml#L61-L73

Perhaps a reduced initial scope in implementation would be okay for now?

I am planning to create a PR templating the k8s_auth method

[edwbuck]

@LaithLite Can you clarify if this is using Vault's storage features to hold the upstream materials, or Vault's security APIs to generate credentials?

The first typically can expose materials through K8s volumes, but the second requires the plugin to initiate networked connections to Vault directly, without leveraging any k8s configuration.