tests: add test for sealed env secrets

The sealed secret test depends on the KBS to provide
the unsealed value of a vault secret.

This secret is provisioned to an environment variable.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>

tests/integration/kubernetes/runtimeclass_workloads/pod-sealed-secret.yaml

@@ -0,0 +1,36 @@
+# Copyright (c) 2023 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+apiVersion: v1
+kind: Pod
+metadata:
+  name: secret-test-pod-cc
+spec:
+  runtimeClassName: kata
+  containers:
+  - name: busybox
+    image: quay.io/prometheus/busybox:latest
+    imagePullPolicy: Always
+    command:
+    - sh
+    - -c
+    - |
+      env
+      echo "PROTECTED_SECRET = $PROTECTED_SECRET"
+      echo "UNPROTECTED_SECRET = $UNPROTECTED_SECRET"
+      sleep 1000
+
+    # Expose secret data Containers through environment.
+    env:
+    - name: PROTECTED_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: sealed-secret
+          key: secret
+    - name: UNPROTECTED_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: not-sealed-secret
+          key: secret
+