RFD191: Rework Workload Identity Configuration and RBAC UX (#49133)

* Add skeleton RFD

* Outline problem space

* Further explain the negatives of the role templatign alternative

* Fill out RFD elements further

* Keep expanding on UX

* Discuss risks/mitigation

* Add notes on performance

* Notes on propagating join attributes

* Outline basic algorithm of the issuance RPC

* Add note on WorkloadIdentity cap

* Keep adding detail

* Add hint

* Add more notes on attribute conversion

* Tighten up some language

* Update rfd/0191-workload-id-config-ux.md

Co-authored-by: Tim Buckley <[email protected]>

* More restructuring/rethinking

* Add info about tester

* Add more notes on predicate language

* Add section on DNS SANs

* Simplify available operators

* Further flesh out the proto specs

* Fill out more protos/examples

* Add exhaustive representation

* Add TTL controls

* Add more operators/refactor naming a little

* Update limit to 20

* Add notes on web ui

* Add notes on CEL

* Add botinstanceied

---------

Co-authored-by: Tim Buckley <[email protected]>