49532f59a6
Automatic merge from submit-queue (batch tested with PRs 58626, 58791). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. serviceaccount: check token is issued by correct iss before verifying Right now if a JWT for an unknown issuer, for any subject hits the serviceaccount token authenticator, we return a errors as if the token was meant for us but we couldn't find a key to verify it. We should instead return nil, false, nil. This change helps us support multiple service account token authenticators with different issuers. https://github.com/kubernetes/kubernetes/issues/58790 ```release-note NONE ```