Add token_reviewer_jwt as login parameter

[denniskniep]

For cases where we want to make use of short-lived k8s service account tokens, it would make sense to pass also the token_reviewer_jwt as parameter to the login endpoint. So that we pass two tokens:

1. jwt = k8s service account token jwt for authenticating with vault (including an appropriate audience for vault)
2. token_reviewer_jwt = k8s service account token jwt for authenticating with kubernetes tokenreview api (including an appropriate audience for kubernetes)

see code for reference:

vault-plugin-auth-kubernetes/path_login.go

Line 92 in 6f9c733

jwtStr, resp := b.getFieldValueStr(data, "jwt")

vault-plugin-auth-kubernetes/path_login.go

Line 148 in 6f9c733

err = serviceAccount.lookup(ctx, client, jwtStr, role.Audience, b.reviewFactory(config))

vault-plugin-auth-kubernetes/token_review.go

Lines 69 to 75 in 6f9c733

	// If we have a configured TokenReviewer JWT use it as the bearer, otherwise
	// try to use the passed in JWT.
	bearer := fmt.Sprintf("Bearer %s", jwt)
	if len(t.config.TokenReviewerJWT) > 0 {
	bearer = fmt.Sprintf("Bearer %s", t.config.TokenReviewerJWT)
	}
	setRequestHeader(req, bearer)

As an example this issue in cert-manager for reference:
cert-manager/cert-manager#6150 (comment)

Related cert-manager code