Ability to define trusted service account + namespace when using Kubernetes Auth method

[tstraley]

Based on these docs, if a client provides it's service account token and it is validated as being part of the same Kubernetes cluster that Flipt is running in, that client will be authorized and receives a client access token.

It would be great if Flipt could be configured with a list of trusted / allowed service account name + namespace pairs that are verified from the jwt claims, rather than trusting any service account in the cluster. This can be used to provide more refined auth where only the specific clients that we want to connect to the service are allowed.

[markphelps]

Great suggestion @tstraley ! im going to turn this into an issue / feature request!