Add stickyBit support for emptydir volumes

[oliverguenther]

Enhancement Description

• One-line enhancement description (can be used as a release note): Add stickyBit support for emptydir volumes
• Kubernetes Enhancement Proposal: Add stickyBit support for emptydir kubernetes#130277
• Discussion Link: Set Sticky bit for emptyDir folders kubernetes#110835
• PRs by stage and milestone:
  • Alpha - v1.xx
    • KEP (k/enhancements) update PR(s):
    • Code (k/k) update PR(s): Add stickyBit support for emptydir kubernetes#130277
    • Docs (k/website) update PR(s):

Why is this relevant?
Many containerized Ruby applications require /tmp directories with the sticky bit set. Without it, emptyDir cannot be reliably used for temporary storage. This forces applications to fall back to ephemeral volumes (complex to manage) or RWX volumes (not well supported across providers).

Allowing emptyDir volumes to be mounted with the sticky bit set would greatly reduce operational complexity for such workloads.

Proposal
Instead of allowing arbitrary permissions (which could introduce risk), extend the spec to ensure the sticky bit can be applied to emptyDir regardless of permission settings. This provides a stable and predictable mechanism, even if future changes further restrict permissions.

[oliverguenther]

/sig node
/sig storage
/sig auth

[benjaminapetersen]

Reviewed during sig-auth-triage, our Kube 1.35 bucket is full so we will have to punt on reviewing this KEP for now.