CI: Use deployment instead of Pod for agnhost

This is a followup to 2ba28a33 (Revert "Wait for available API token in
a new namespace (#7045)", 2024-10-25).

While checking for the serviceaccount token is not effective, there is
still a race when creating a Pod directly, because the ServiceAccount
itself might not be created yet.
More details at https://github.com/kubernetes/kubernetes/issues/66689.

This cause very frequent flakes in our CI with spurious failures.

Use a Deployment instead ; it will takes cares of creating the Pods and
retrying ; it also let us use kubectl rollout status instead of manually
checking for the pods.