Commit 6f1f127
Refactor provider-kubeconfig.py and add tests (#1457)
* Refactor provider-kubeconfig.py and add tests
* Updated test
* Fixed token issue
* Move sleep
* Add test that we can't create/delete in other namespace as consumer
* Add RBAC shadow parity check while keeping legacy runtime path.
- Keep old grouped provider/consumer RBAC as active source, add optional old-vs-new parity assertion for safer review, and document provider perms wildcard handling to match master behavior.
- Keep comment text neutral while preserving old-rule source-of-truth behavior for the shadow parity flow.
- Tighten kubeconfig integration assertions and namespace denial check.
- Validate that -x sets both cluster entry names and context cluster reference, and ensure the cross-namespace consumer denial test verifies the forbidden error references the target namespace.
- Update consumer integration test to assert allowed deployment and denied pod create.
- Replace the cross-namespace pod check with a behavior-valid assertion pair for current consumer RBAC: deployment creation succeeds while pod creation is forbidden using the generated consumer kubeconfig.

1 parent 4a6f3e7 commit 6f1f127
2 files changed, +764 -453 lines changed