Support automountServiceAccountToken in teleport-cluster helm charts

[rohithrrao]

What would you like Teleport to do?
teleport-custer helm charts should support support setting the value of automountServiceAccountToken

What problem does this solve?
Disabling ServiceAccount token mounts is a common security best practice and also a requirement for some production environments.

If a workaround exists, please include it.
Create your own ServiceAccount with automountServiceAccountToken set to false. But it increases the maintenance burden on Helm chart users.

[webvictim]

Hey @rohithrrao, @hugoShaka and I talked about this and we decided not to expose the automountServiceAccountToken value for users to configure, but instead to automatically set it to false on newer Kubernetes distributions which support the use of projected service account tokens.

This is more in line with Teleport's overall stance of "security by default" and should just automatically follow best practice when supported by the underlying Kubernetes cluster.

Thank you for the suggestion!

[hugoShaka]

Please note that this will not change anything for the pods as every deployment from the chart already disables automatic SA creds mount when projected volumes are supported.