Description
Full details: running coder-agents on unsecure workspaces, where coder will not be on the workspace creation path, but we would like to register running pods as coder workspaces.
Impact: Ideally, I can provision a service account API token and only grant access to read a very specific field (in this case, the coder_parameter), so in the workspace which is NOT logged in as users, we can always register directly without needing coordination on the client/cli side. For context, we don't want to log in as users in the workspaces because these are unsecure pods.
Notes: "Ideally, there are ways that I can just give the workspace the following to register the pod in the associated workspace:
- Shared API token (access is only scoped to get coder_agent_token for a specific template)
- username
- workspace

This is already enabled but coder-agent sometimes disconnects and we have to fall back to not having Coder integration while people use other tools to connect."