azure.workload.identity/inject-proxy-sidecar set to false is not respected

[dnitsch]

Describe the bug
When setting the annotation of azure.workload.identity/inject-proxy-sidecar to false this is not respected as the shouldInjectProxySidecar helper method only checks the existance of the key in the map and not the value.

The docs do say somewhat misleadingly to set this value to true or false if you want the migration sidecar container

https://learn.microsoft.com/en-us/azure/aks/workload-identity-migrate-from-pod-identity#deploy-the-workload-with-migration-sidecar

However, it would be a much nicer user experience to have a flag respected.

Steps To Reproduce

create a deployment and set the azure.workload.identity/inject-proxy-sidecar to false and then query the pods for that deployment and you will see a azwi-proxy and awei-proxy-init containers added as well as all the required volumes and env variables.

Expected behavior

setting the azure.workload.identity/inject-proxy-sidecar value to false is respected and sidecar creation is skipped.

Logs

Environment

• Kubernetes version (use kubectl version):
  v1.26.6
  GoVersion:"go1.19.10", Compiler:"gc", Platform:"linux/amd64"}
• Cloud provider or hardware configuration:
• Azure (AKS)
• OS (e.g: cat /etc/os-release):
• Kernel (e.g. uname -a):
• Install tools:
• Network plugin and version (if this is a network-related bug):
• Others:

Additional context