All it takes is a developer to log the service account token for them to copy it off the pod and use it to gain access to the same resources the pod has access to. It would be handy if it was possible to restrict Kubernetes auths to a specified CIDR (or set of CIDRs).
@idcmp it's totally possible to add them! Thanks for floating that it'd be useful to you.
I've been slowly going through auth back ends and adding the capability when I have little moments in between things. Here's an example of how CIDR restrictions were added for the userpass back end: #4557.
I'll add CIDR restrictions to Kubernetes at my next opportunity, which will probably be in the next few weeks, unless you beat me to it, which you're welcome to do.
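An added example (not from this thread or from the project's code) of the check being requested: a login is accepted only when the client address falls inside the role's bound CIDRs, so a service account token copied off the pod and presented from elsewhere is refused. The function name `remoteAllowed` and all addresses and ranges are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
)

// remoteAllowed (hypothetical helper) reports whether the client address of a
// login request falls inside one of the role's bound CIDRs.
// An empty list means the role carries no CIDR restriction.
func remoteAllowed(remoteAddr string, boundCIDRs []string) (bool, error) {
	if len(boundCIDRs) == 0 {
		return true, nil
	}
	// Accept "ip:port" (the form of http.Request.RemoteAddr) or a bare IP.
	var ip netip.Addr
	if ap, err := netip.ParseAddrPort(remoteAddr); err == nil {
		ip = ap.Addr()
	} else if ip, err = netip.ParseAddr(remoteAddr); err != nil {
		// Fail closed: an address we cannot parse is never allowed.
		return false, fmt.Errorf("unparseable remote address %q: %w", remoteAddr, err)
	}
	// An IPv4-mapped IPv6 address (::ffff:a.b.c.d) never matches an IPv4
	// prefix, so normalise it before comparing.
	ip = ip.Unmap()
	for _, c := range boundCIDRs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			// A malformed role entry must not silently widen access.
			return false, fmt.Errorf("bad CIDR %q in role config: %w", c, err)
		}
		if p.Contains(ip) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed sample: pod network 10.42.0.0/16, three login sources.
	bound := []string{"10.42.0.0/16"}
	for _, src := range []string{"10.42.7.9:51234", "[::ffff:10.42.7.9]:51234", "192.0.2.15:40000"} {
		ok, err := remoteAllowed(src, bound)
		fmt.Printf("%-28s allowed=%v err=%v\n", src, ok, err)
	}
}
```

The address checked must be the real peer address of the connection; a value taken from a client-supplied header such as `X-Forwarded-For` is only meaningful when it is set by a trusted proxy.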