[Bug] Kyverno docs state that no authentication is used in external service calls but a bearer token is passed in the HTTP header

[Dyex719]

Page link

https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-service-calls

Description

The kyverno docs under external service call state that:

At this time, authentication as part of these service calls is not supported.

However, a token is added to allow verification of the caller identity, using the token review API as seen here:
https://github.com/kyverno/kyverno/blob/main/pkg/engine/apicall/executor.go#L121

Expected behavior

Something along the lines of:

Authentication is provided by adding a bearer token to allow verification of the caller identity, using the token review API. At the moment, this token review API uses the default service account token as the bearer token.

Slack discussion

https://kubernetes.slack.com/archives/CLGR9BJU9/p1721163419677659

[welcome]

Thanks for opening your first issue here! Be sure to follow the issue template!