Is your feature request related to a problem? Please describe.
When using Cilium it would be nice to have a configurable identity-relevant label filter for Cilium identity creation.
Trivy-operator, for example, spawns a new job with a unique label set for every scan. Therefore Cilium generates a Cilium identity for every job / image scan, which results in the Cilium identity table overflowing. This results in network policy violations due to the table not being able to be updated anymore.
Cilium itself recommends limiting the set of identity-relevant labels on large clusters.
"We recommend that operators with larger environments limit the set of identity-relevant labels to avoid frequent creation of new security identities. Many Kubernetes labels are not useful for policy enforcement or visibility. A few good examples of such labels include timestamps or hashes. These labels, when included in evaluation, cause Cilium to generate a unique identity for each pod instead of a single identity for all of the pods that comprise a service or application."
Describe the solution you'd like
Having the option to configure labels that are ignored for Cilium identity creation during the creation of an AKS cluster.
Describe alternatives you've considered
Switching to AKS BYO CNI, but I'd prefer to keep the Microsoft support for CNI-related issues.
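Added illustration (not code from Cilium, AKS, or the issue author) of why the label filter matters: a small simulation of Cilium's `labels` option, whose documented format is a space-separated list of label-key prefixes with a `k8s:` source prefix and a leading `!` to exclude a prefix. The "longest matching prefix wins" rule, the per-scan job label names, and the 500 constructed pods are assumptions for the example, not a description of Cilium's implementation or of trivy-operator's exact label set. It shows that without a filter every scan job gets its own identity, while either an allowlist or a denylist filter collapses them to one.

```python
"""Simulate how an identity-relevant label filter collapses per-scan job
pods into a single security identity (added example, not Cilium code).

Filter format modelled on Cilium's `labels` option: space-separated
label-key prefixes, `source:`-prefixed (e.g. `k8s:`), `!` excludes.
Precedence (longest matching prefix wins, tie -> excluded) is an
assumption made for this illustration.
"""
from __future__ import annotations


def parse_filter(spec: str) -> tuple[list[str], list[str]]:
    """Split a filter string into (include_prefixes, exclude_prefixes)."""
    includes, excludes = [], []
    for token in spec.split():
        (excludes if token.startswith("!") else includes).append(token.lstrip("!"))
    return includes, excludes


def is_identity_relevant(key: str, includes: list[str], excludes: list[str]) -> bool:
    """A key counts only if its longest include match beats any exclude match."""
    inc = max((len(p) for p in includes if key.startswith(p)), default=-1)
    exc = max((len(p) for p in excludes if key.startswith(p)), default=-1)
    return inc > exc


def identity_labels(pod_labels: dict[str, str], spec: str) -> frozenset[tuple[str, str]]:
    """Reduce a pod's labels to the subset that defines its identity."""
    includes, excludes = parse_filter(spec)
    if not includes and not excludes:
        # Model of "no filter configured": every label is identity-relevant.
        return frozenset(pod_labels.items())
    return frozenset(
        (k, v) for k, v in pod_labels.items()
        if is_identity_relevant(k, includes, excludes)
    )


def count_identities(pods: list[dict[str, str]], spec: str) -> int:
    """Number of distinct identities the pods would need under the filter."""
    return len({identity_labels(p, spec) for p in pods})


def scan_job_pod(i: int) -> dict[str, str]:
    """Constructed label set shaped like a per-scan job pod (names illustrative)."""
    return {
        "k8s:io.kubernetes.pod.namespace": "trivy-system",
        "k8s:app.kubernetes.io/managed-by": "trivy-operator",
        "k8s:trivy-operator.resource.kind": "ReplicaSet",
        # The four labels below change for every scan, so unfiltered they
        # force a fresh identity per job.
        "k8s:trivy-operator.resource.name": f"web-{i:04x}",
        "k8s:resource-spec-hash": f"{i * 2654435761 % (1 << 32):08x}",
        "k8s:job-name": f"scan-vulnerabilityreport-{i:04x}",
        "k8s:controller-uid": f"uid-{i}",
    }


PODS = [scan_job_pod(i) for i in range(500)]  # constructed sample input

UNFILTERED = ""
# Allowlist style: keep only stable, policy-relevant keys.
FILTER_ALLOWLIST = (
    "k8s:io.kubernetes.pod.namespace k8s:app.kubernetes.io "
    "k8s:trivy-operator.resource.kind"
)
# Denylist style: keep everything from the k8s source except volatile keys.
FILTER_DENYLIST = (
    "k8s: !k8s:trivy-operator.resource.name !k8s:resource-spec-hash "
    "!k8s:job-name !k8s:controller-uid"
)

if __name__ == "__main__":
    for name, spec in [("unfiltered", UNFILTERED),
                       ("allowlist", FILTER_ALLOWLIST),
                       ("denylist", FILTER_DENYLIST)]:
        print(f"{name:<11} identities needed for {len(PODS)} scan pods: "
              f"{count_identities(PODS, spec)}")
```

With 500 constructed scan pods the unfiltered run needs 500 identities, and both filter styles need one, which is the reduction the Cilium documentation quoted above is after. The denylist form is the safer starting point on a real cluster because it keeps any label an existing network policy might already select on, dropping only the known-volatile keys.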