Classic confinement for kontena-lens

Few examples of kubeconfigs (just the interesting parts):

static client certificates (path can point to anywhere):

- name: minikube
  user:
    client-certificate: /home/jari/.minikube/client.crt
    client-key: /home/jari/.minikube/client.key

authentication via executable (can be anything, anywhere in local filesystem):

- name: jari@eks-kontena-nvme.eu-north-1.eksctl.io
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - eks-kontena-nvme
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: kontenalabs

authentication via auth-provider (google uses this):

- name: gke_svc-vodka_europe-north1_jakolehm-europe-north1
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: /usr/local/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/bin/gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp