[HashiVault] - Reuse provider clients when possible #1273
Description
Describe the solution you'd like
We're using ES to sync secrets from a private HashiCorp Vault instance into our Kubernetes cluster. We're authenticating via LDAP and finding that ES is making lots of requests to the authorization endpoint, despite the fact that the auth endpoint returns a token that is valid for 30 minutes.
Digging into the code a little bit, it seems that the vault client saves this token correctly, but ES creates a new client each time it reconciles each secret. I'd like to see a change to ES so that it re-uses client objects where possible.
What is the added value?
This should reduce the number of authentication requests, which will reduce load on both ends of the connection.
Give us examples of the outcome
For our HashiCorp Vault setup described above, we should only see a request to the auth/ldap endpoint when the current token expires, in our case roughly every 30 minutes.
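One way the requested client reuse could look, as an added Go sketch that is not External Secrets code and not part of the original issue: a cache keyed by store identity and resource version that logs in again only once the token has expired. All type and function names here (`cacheKey`, `client`, `clientCache`, `countLogins`) are hypothetical, and the login callback stands in for the real auth request.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// cacheKey includes the resource version so an edited store never reuses a client built from old credentials.
type cacheKey struct{ Namespace, Name, ResourceVersion string }

// client stands in for an authenticated Vault client (hypothetical type).
type client struct {
	token   string
	expires time.Time
}

type clientCache struct {
	mu      sync.Mutex
	clients map[cacheKey]*client
	now     func() time.Time // injectable clock so expiry can be tested
}

// get reuses the cached client while its token is valid; otherwise it calls login once and caches the result.
func (c *clientCache) get(k cacheKey, login func() (string, time.Duration, error)) (*client, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if cl, ok := c.clients[k]; ok && c.now().Before(cl.expires) {
		return cl, nil
	}
	tok, ttl, err := login()
	if err != nil { return nil, err }
	c.clients[k] = &client{token: tok, expires: c.now().Add(ttl)}
	return c.clients[k], nil
}

// countLogins simulates reconciles spaced `every` apart and returns how many auth requests were made.
func countLogins(reconciles int, every, ttl time.Duration) int {
	t, logins := time.Unix(0, 0), 0
	cache := &clientCache{clients: map[cacheKey]*client{}, now: func() time.Time { return t }}
	login := func() (string, time.Duration, error) { logins++; return "constructed-token", ttl, nil }
	for i := 0; i < reconciles; i++ {
		_, _ = cache.get(cacheKey{"default", "vault-store", "1"}, login) // constructed store identity
		t = t.Add(every)
	}
	return logins
}

func main() { fmt.Println(countLogins(120, time.Minute, 30*time.Minute)) }
```

Entries left behind under an old resource version still hold a live token in memory, so a real implementation would also evict them when the store changes or is deleted.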