Description
cofidectl workload status relies on a debug pod being provisioned and mounted alongside the target pod on the spiffe-workload-api volume. Various SPIFFE use cases do not have this mount made explicitly available on the pod (e.g. Istio mounts SVIDs via SDS rather than via calls to the Workload API directly) and we see a failure when running the command:
💤 cofide-connect/ ./cofidectl workload status --namespace production --pod-name ping-pong-client-9bd4fbc84-m549p --trust-zone ce57a9f7
❌ Creating: Failed waiting for ephemeral debug container to be created in ping-pong-client-9bd4fbc84-m549p
Error: retrieving workload status failed: Pod "ping-pong-client-9bd4fbc84-m549p" is invalid: spec.ephemeralContainers[0].volumeMounts[0].name: Not found: "spiffe-workload-api"
There might not be an easy alternative in cases where the workload API mount is not available, but there should probably be more graceful error handling or a more specific error message here to alert the user this is down to the identity deployment pattern rather than a bug with the CLI or the workload in question.
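One way the more specific error could look, as an added example that is not part of the original issue or cofidectl's own code: a pre-flight check on the pod's volumes before the ephemeral debug container is requested, plus a fallback that recognises the API server's validation message. The `Pod` and `Volume` types are minimal stand-ins for the Kubernetes API types, and the function names, the sentinel error and its wording are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Volume and Pod are minimal stand-ins for the Kubernetes pod spec
// (assumption: a real CLI would read the volume list from the API server).
type Volume struct{ Name string }
type Pod struct {
	Name    string
	Volumes []Volume
}

const workloadAPIVolume = "spiffe-workload-api" // volume name from the error in the report

// ErrNoWorkloadAPIVolume marks a deployment-pattern limitation, not a CLI or workload bug.
var ErrNoWorkloadAPIVolume = errors.New("pod does not mount the SPIFFE Workload API volume")

// PreflightWorkloadAPI runs before the ephemeral debug container is requested.
func PreflightWorkloadAPI(p Pod) error {
	for _, v := range p.Volumes {
		if v.Name == workloadAPIVolume {
			return nil
		}
	}
	return fmt.Errorf("%w: pod %q has no %q volume; its identity may be delivered another way (e.g. SDS), so workload status cannot attach to it",
		ErrNoWorkloadAPIVolume, p.Name, workloadAPIVolume)
}

// ClassifyCreateError is the fallback when the pre-flight check was skipped or
// raced: it maps the API server's validation message to the same sentinel.
func ClassifyCreateError(err error) error {
	if err == nil {
		return nil
	}
	msg := err.Error()
	if strings.Contains(msg, "volumeMounts") && strings.Contains(msg, `Not found: "`+workloadAPIVolume+`"`) {
		return fmt.Errorf("%w (API server said: %s)", ErrNoWorkloadAPIVolume, msg)
	}
	return err
}

func main() {
	// Constructed sample: a pod whose only volume is unrelated to the Workload API.
	pod := Pod{Name: "ping-pong-client-9bd4fbc84-m549p", Volumes: []Volume{{Name: "app-data"}}}
	fmt.Println(PreflightWorkloadAPI(pod))
}
```

Callers can branch on `errors.Is(err, ErrNoWorkloadAPIVolume)` to print guidance about the identity deployment pattern instead of a generic failure.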