docs: add security considerations regarding automountServiceAccountToken

docs/security.md

@@ -9,3 +9,16 @@ While we aim for best practices in terms of security by default, due to the natu
 * Host Port is set. https://hub.armo.cloud/docs/c-0044 is not relevant since node-exporter is considered as a core platform component running as a DaemonSet.
 * Host PID is set to `true`, since node-exporter requires direct access to the host namespace to gather statistics.
 * Host Network is set to `true`, since node-exporter requires direct access to the host network to gather statistics.
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecar requires connection to kubernetes API server.
+
+#### prometheus-adapter
+* `automountServiceAccountToken` is set to `true` on Pod level as application requires connection to kubernetes API server.
+
+#### blackbox-exporter
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecar requires connection to kubernetes API server.
+
+#### kube-state-metrics
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecars requires connection to kubernetes API server.
+
+#### prometheus-operator
+* `automountServiceAccountToken` is set to `true` on Pod level as kube-rbac-proxy sidecars requires connection to kubernetes API server.