Add sidecar authentication scheme for k8s progress updates

[DaoWen]

Is your feature request related to a problem? Please describe.

The /progress API for POSTing job instance progress updates from k8s sidecars is initially being implemented unauthenticated. This obviously isn't ideal.

Describe the solution you'd like

We should inject some sort of unique auth token into our k8s sidecars which can be used for authn+authz on the /progress endpoint; i.e., the fact that you have the token implies that you are the sidecar (or at least that you have access to it), and therefore you have permission to post progress updates for the corresponding job instance.

Describe alternatives you've considered

• Leave it unauthenticated. Not ideal, but not a huge security hole either.
• Do full authentication. This might cause progress updates to trigger API rate limiting. Also requires real auth credentials (tokens or tickets) to be available in the sidecar.