Security issue: nodes can receive IAM credentials for other nodes' pods

[JayBeale]

Have discovered and created an exploit for an authorization issue in Kiam.

Kiam-server allows every node's kiam-agent to request and receive token for the AWS roles in use on other nodes. This is due to the lack of a policy in in policy.go to check whether the kiam-agent's request is for a pod running on that kiam-agent's node.

This may be the issue that @iangcarroll is discussing in (Kiam Issue 516)(https://github.com/uswitch/kiam/issues/516].

[iangcarroll]

Unfortunately, the issue I discovered is different from this, but this is also a problem!