Workload identity federation is generally available
Blog post from Tailscale
Workload identity federation is now generally available on the Tailscale platform. It lets infrastructure workloads authenticate without long-lived, hard-coded secrets: CI/CD pipelines and cloud workloads present federated OpenID Connect identities instead, which keeps secure automation manageable at scale.

The Tailscale API and Terraform provider support creating and managing federated identities, so trust configurations can be defined and managed entirely as code and kept in version control for auditability and reproducibility. A new command flag handles automatic discovery and exchange of cloud tokens, and tsnet and the Tailscale Kubernetes operator now support workload identity federation, allowing applications and clusters to join tailnets without static credentials.

Together these changes simplify connecting CI systems, cloud services, and Kubernetes clusters to Tailscale, improving both security and ease of management across cloud environments.