Define security strategy for API clients

[rareddy]

Is your feature request related to a problem? Please describe.
Define how the security (AuthZ) is handled when a user using the API clients.

When a user is using the REST API layer, the JWT token will be passed in a Header, and user information can be gleaned from that along with roles that can be used for the gating of certain operations by the user. When user is using API client such as Python API or Go API from their Notebooks and Pipelines, a similar gating of operations need to be done.

Describe the solution you'd like
When a Notebook is running, it typically runs under a Service Account or User Account. A Service Account is pre-confiured with certain roles. The Python/Go clients need to glean this information from the executing environment they are in and use that user's credentials.

[rareddy]

@danielezonca any guidance on this as to how the other components in the stack are managing similar requirements?